topic Re: Search string in Splunk Search https://community.splunk.com/t5/Splunk-Search/Search-string/m-p/30477#M178034 <P>This blog entry has details for you on how to address SQL injections with Splunk.</P> <P><A href="http://blogs.splunk.com/2010/02/04/sql-injections-the-splunk-method-for-auditing-your-application-security-model/">http://blogs.splunk.com/2010/02/04/sql-injections-the-splunk-method-for-auditing-your-application-security-model/</A></P> <P>You may just want to search for web log events with a standard deviation of greater than the average like len(_raw) with greater than 2.5 Std deviation. </P> <P>Example using standard deviation here - <A href="http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/stats">http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/stats</A></P> <P>Hopefully somebody else can help with the cross sight scripting details and if that is possible to determine from within an IIS Log.</P> Thu, 19 Apr 2012 21:05:10 GMT sdaniels 2012-04-19T21:05:10Z Search string https://community.splunk.com/t5/Splunk-Search/Search-string/m-p/30476#M178033 <P>How do i search for Sql injection or XSS in IIS log. Can any body give me example too</P> Thu, 19 Apr 2012 13:00:30 GMT https://community.splunk.com/t5/Splunk-Search/Search-string/m-p/30476#M178033 unso 2012-04-19T13:00:30Z Re: Search string https://community.splunk.com/t5/Splunk-Search/Search-string/m-p/30477#M178034 <P>This blog entry has details for you on how to address SQL injections with Splunk.</P> <P><A href="http://blogs.splunk.com/2010/02/04/sql-injections-the-splunk-method-for-auditing-your-application-security-model/">http://blogs.splunk.com/2010/02/04/sql-injections-the-splunk-method-for-auditing-your-application-security-model/</A></P> <P>You may just want to search for web log events with a standard deviation of greater than the average like len(_raw) with greater than 2.5 Std deviation. </P> <P>Example using standard deviation here - <A href="http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/stats">http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/stats</A></P> <P>Hopefully somebody else can help with the cross sight scripting details and if that is possible to determine from within an IIS Log.</P> Thu, 19 Apr 2012 21:05:10 GMT https://community.splunk.com/t5/Splunk-Search/Search-string/m-p/30477#M178034 sdaniels 2012-04-19T21:05:10Z