All Apps and Add-ons
Highlighted

How does the Internal Spammers dashboard work in the Splunk App for Microsoft Exchange?

Explorer

There are three settings which can be modified in the dashboard but we haven't been able to find and definitions as to what exactly the parameters are related to and how they interact.

Minimum Messages (defaults to 80)
Message Rate (defaults to 80)
(Time)(defaults to All Time)

Opening the dashboard in a Search reveals this: 'internal-spammer'(80,80)'

Highlighted

Re: How does the Internal Spammers dashboard work in the Splunk App for Microsoft Exchange?

Explorer

Finally found what I was looking for - Internal Spammers is a Macro requiring 2 Arguments. Now that I can see the search definition it makes a bit more sense.

View solution in original post

Highlighted

Re: How does the Internal Spammers dashboard work in the Splunk App for Microsoft Exchange?

Community Manager
Community Manager

Hi @jmccreery

If you could provide more insight on your understanding beyond the definition for folks who might still be in the dark about this, feel free to share 🙂

Patrick

0 Karma
Highlighted

Re: How does the Internal Spammers dashboard work in the Splunk App for Microsoft Exchange?

Explorer

Running the internal spammers with parameters (60,60) report for a time period of 60 minutes does this:

Has any account sent to more than 60 people in the previous 60 minutes?
If so, have they sent messages at a rate of more than 60 messages per minute?
If so, send an alert.

0 Karma