How do I search for unwanted user accounts or saved searches added by hackers in Splunk Ent. / ES?

SamHTexas
Builder

How do I search for unwanted user accounts or saved searches added by hackers in Splunk Ent. / ES?


richgalloway
SplunkTrust

Get a list of users using

| rest /services/authentication/users

It's up to you to figure out which are unwanted.

Search for saved searches this way:

| rest /servicesNS/-/-/saved/searches

then filter as necessary to locate Hackers.

---
If this reply helps you, Karma would be appreciated.
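
Added example, not part of the reply above and not Splunk's own code: one way to do the "figure out which are unwanted" step is to diff the output of the two endpoints against a snapshot taken when the instance was known to be clean. It assumes both responses were saved as JSON (`output_mode=json`) and that such a reviewed baseline exists; the sample data is constructed.

```python
import json

# Constructed samples shaped like the output_mode=json responses of the two
# endpoints in the answer. Every user, app and search below is made up.
BASE_USERS = """{"entry": [
 {"name": "admin", "content": {"roles": ["admin"]}},
 {"name": "jdoe",  "content": {"roles": ["user"]}}]}"""
CUR_USERS = """{"entry": [
 {"name": "admin",   "content": {"roles": ["admin"]}},
 {"name": "jdoe",    "content": {"roles": ["user", "admin"]}},
 {"name": "svc_tmp", "content": {"roles": ["admin"]}}]}"""
BASE_SEARCHES = """{"entry": [
 {"name": "Errors 24h", "acl": {"app": "search", "owner": "admin"},
  "content": {"search": "index=_internal log_level=ERROR"}}]}"""
CUR_SEARCHES = """{"entry": [
 {"name": "Errors 24h", "acl": {"app": "search", "owner": "admin"},
  "content": {"search": "index=_internal log_level=ERROR | head 5"}},
 {"name": "nightly", "acl": {"app": "search", "owner": "svc_tmp"},
  "content": {"search": "index=main | stats count"}}]}"""


def load_users(raw):
    """Map username -> sorted roles (/services/authentication/users)."""
    return {e["name"]: sorted(e["content"].get("roles", []))
            for e in json.loads(raw)["entry"]}


def load_searches(raw):
    """Map (app, owner, name) -> SPL (/servicesNS/-/-/saved/searches)."""
    return {(e["acl"]["app"], e["acl"]["owner"], e["name"]):
            e["content"].get("search", "")
            for e in json.loads(raw)["entry"]}


def diff(baseline, current):
    """Return (added, changed) keys of current versus a reviewed baseline."""
    added = sorted(k for k in current if k not in baseline)
    changed = sorted(k for k in current
                     if k in baseline and current[k] != baseline[k])
    return added, changed


if __name__ == "__main__":
    print("users:", diff(load_users(BASE_USERS), load_users(CUR_USERS)))
    print("searches:", diff(load_searches(BASE_SEARCHES),
                            load_searches(CUR_SEARCHES)))
```

Anything in `added` is an account or saved search that did not exist at baseline; anything in `changed` is an existing account whose roles differ or a saved search whose SPL was edited.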