https://community.splunk.com/t5/Splunk-Search/How-to-search-Regex-to-Detect-CVE-2020-0688-Vulnerability/m-p/510456#M142864 <P>Hi</P> <P>As you know one of the latest vulnerability was CVE-2020-0688 on microsoft exchange server. so I'm trying free splunk on my lab environment and also install sysmon on microsoft exchange server and copy my sysmon evtx file to splunk for inspection log to detect above vulnerability. but i am new in splunk and want the syntax of search regex to do this.</P> <P>please let me know how can i do?</P> <P>Regards,</P> <P>Mahdi</P> Thu, 23 Jul 2020 03:53:01 GMT MBashiri 2020-07-23T03:53:01Z https://community.splunk.com/t5/Splunk-Search/How-to-search-Regex-to-Detect-CVE-2020-0688-Vulnerability/m-p/510456#M142864 <P>Hi</P> <P>As you know one of the latest vulnerability was CVE-2020-0688 on microsoft exchange server. so I'm trying free splunk on my lab environment and also install sysmon on microsoft exchange server and copy my sysmon evtx file to splunk for inspection log to detect above vulnerability. but i am new in splunk and want the syntax of search regex to do this.</P> <P>please let me know how can i do?</P> <P>Regards,</P> <P>Mahdi</P> Thu, 23 Jul 2020 03:53:01 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-Regex-to-Detect-CVE-2020-0688-Vulnerability/m-p/510456#M142864 MBashiri 2020-07-23T03:53:01Z https://community.splunk.com/t5/Splunk-Search/How-to-search-Regex-to-Detect-CVE-2020-0688-Vulnerability/m-p/510470#M142867 We need more information. Please share some sample data and highlight what you would like the regex to find. Wed, 22 Jul 2020 14:34:43 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-Regex-to-Detect-CVE-2020-0688-Vulnerability/m-p/510470#M142867 richgalloway 2020-07-22T14:34:43Z https://community.splunk.com/t5/Splunk-Search/How-to-search-Regex-to-Detect-CVE-2020-0688-Vulnerability/m-p/510551#M142892 <P><A href="https://github.com/Neo23x0/signature-base/blob/master/yara/vul_cve_2020_0688.yar" target="_blank">https://github.com/Neo23x0/signature-base/blob/master/yara/vul_cve_2020_0688.yar</A><BR /><BR /></P><P>&nbsp;index=yours&nbsp; "<SPAN>CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF"&nbsp;<BR /><BR />In the reference, static key is the signature.<BR /><BR /><BR /></SPAN></P> Wed, 22 Jul 2020 22:56:45 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-Regex-to-Detect-CVE-2020-0688-Vulnerability/m-p/510551#M142892 to4kawa 2020-07-22T22:56:45Z