Good morning to you all,
In the same index I have 2 fields called port1 and port2.
Port1 and Port2 can both have values between 0-65535.
I want to determine if there is port 3389.
This is part of the SolarWinds recommendation list (outward facing ports) from CISA.
Pretty much I am stuck with match or between or if in the eval (not my strong suit).
Your feedback is valued so thanks in advance!
I think the below should work:
| eval RDPport=if(port1<=3389 AND port2>=3389,"TRUE","FALSE")
I couldn't get your need. Could you please describe more?
Sure, the result should be something like:
port1 | port2 | RDPport |
0 | 65535 | TRUE |
3389 | 3389 | TRUE |
22 | 22 | FALSE |
443 | 443 | FALSE |
0 | 1023 | FALSE |
1023 | 65535 | TRUE |
Does this make it more clear?
Hi @swengroeneveld,
You can use the query below:
| search port1=3389 OR port2=3389
True, but that does not take into account if
port1 = 0 AND port2=4400
OR
port1 =3388 AND port2 = 65535
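Added example, not part of the original thread: the range check from the eval answer above, run over the six rows of the table in the thread plus the two ranges from the last reply, built with makeresults so it needs no index. The field names constructed_rows, lo and hi are assumptions, the sample rows are constructed from the values quoted in the thread, and the min/max step is an added guard for events where the two range endpoints arrive reversed.

```spl
| makeresults
| eval constructed_rows="0,65535;3389,3389;22,22;443,443;0,1023;1023,65535;0,4400;3388,65535"
| makemv delim=";" constructed_rows
| mvexpand constructed_rows
| eval port1=tonumber(mvindex(split(constructed_rows,","),0)),
       port2=tonumber(mvindex(split(constructed_rows,","),1))
| eval lo=min(port1,port2), hi=max(port1,port2)
| eval RDPport=if(lo<=3389 AND hi>=3389,"TRUE","FALSE")
| table port1 port2 RDPport
```

Against real data, replace everything up to and including the port1/port2 eval with the base search; tonumber keeps the comparison numeric if the fields were extracted as strings.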