Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Google Workspace

cbarrios
New Member
‎01-26-2024 06:57 AM

Hello Every Body.

 

I'm starting this question be couse i'm traying to genrate detections for goole workspace invader as that post about 365.

 https://www.splunk.com/en_us/blog/security/hunting-m365-invaders-blue-team-s-guide-to-initial-access...

But i can not find google work space  login logs in actual ingest. We installed  the ad-don and newest apps abalaible in the splunkbase and could not find it.

surfin into the splunk web we could't fund an euivalent searchs as the link attached. 

 

Some bady had the same problem?  how can I solved it? 

Labels (1)
Labels
0 Karma
Reply

datadevops
Path Finder
‎01-28-2024 02:14 AM

Hi there,

The key is finding those Workspace login logs. While the add-on and apps might be installed, there could be a filtering or indexing issue.

Here's a quick rundown:

  1. Check the filter: Did you configure any filters that might exclude login events? Double-check your inputs.conf settings specifically.

  2. Look for indexing errors: Splunk logs might reveal indexing errors related to Workspace data. Check splunkd.log and python.log for clues.

  3. Search smarter: The provided search might not translate perfectly to Workspace. Try broader terms like "google login" or "workspace access" and adjust from there.

If you're still stuck, I recommend searching Splunkbase forums or reaching out to Splunk or Google Workspace support directly. They've seen it all and can offer specific guidance.

Remember, hunting invaders is like being a detective – persistence and resourcefulness are key!

~ If the reply helps, a Karma upvote would be appreciated

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...