Dashboards & Visualizations

splunk dashboard searching

sam3655
New Member

On the Splunk dashboard, is there a way to search for the origin/source of a malware attack?

0 Karma

sam3655
New Member

FireEye monitors our network and catches malware callbacks. I'm looking for a script to tell me who sent the malware.

0 Karma

lloydknight
Builder

Not very familiar with FireEye logs, but logs can be pretty straightforward most of the time. If source and destination IPs are visible in the logs, and you know what specific malware attack to look up, then it's just a matter of identifying what time it occurred.

And if the source is not available in the logs, you'll just have to index the logs that contain the source (most likely firewall and network logs) and then try to correlate them with the logs that contain the malware attack.

Regarding the script you're asking about, do you mean a search query?

0 Karma
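One way to do the correlation lloydknight describes, written as an SPL search and added here as an example (it is not from the thread or from FireEye's Splunk add-on): the subsearch collects the callback destination addresses from FireEye alerts, the outer search pulls both those alerts and every firewall connection to the same addresses, and stats lines them up per source/destination pair so the earliest host to reach a callback server stands out. The index names (fireeye, network), sourcetypes (fe_alert, firewall) and field names (alert_type, malware_name, src_ip, dest_ip) are assumptions; substitute whatever your FireEye and firewall inputs actually produce.

```spl
earliest=-7d@d
(
    (index=fireeye sourcetype=fe_alert alert_type="malware-callback")
    OR
    (index=network sourcetype=firewall
        [ search index=fireeye sourcetype=fe_alert alert_type="malware-callback"
          | stats count BY dest_ip
          | fields dest_ip ])
)
| eval seen_in=if(index=="fireeye", "fireeye_alert", "firewall")
| stats earliest(_time) AS first_seen, latest(_time) AS last_seen,
        values(malware_name) AS malware, values(seen_in) AS seen_in, count
  BY src_ip dest_ip
| sort first_seen
| convert ctime(first_seen) ctime(last_seen)
```

Rows whose seen_in column shows only firewall are hosts that reached a known callback address without FireEye alerting on them, which is often where the first infected machine shows up. The result tells you the infected host and the callback server, not who is behind the server; that attribution step needs threat intelligence outside Splunk.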

DalJeanis
Legend

Yes. NO. Maybe. It depends.

It depends on what you mean by "dashboard". It depends on what kind of attack. It depends on what your organization actually puts in splunk.

So, please update your question to be VERY specific.

We experienced an ABC attack, which had THIS effect on our organization/network/data.

What log data would we need to have captured in order to determine the source of the attack? What resources are available in the splunk platform to help us track that down?

0 Karma

lloydknight
Builder

Your question is vague.

Assuming you're indexing logs containing the malware attack, and given that you know what type of attacks were executed at a certain time, yes, you can search for that malware attack.

0 Karma

sam3655
New Member

Is there a script for the search?

0 Karma

akocak
Contributor

Are you looking at table or raw event data?
Moreover, origin in the sense of an IP lookup? Can you share more about what you see?

Thanks.

0 Karma