Security

How do I search for unwanted user account or saved searches added by Hackers in Splunk Ent. / ES

SamHTexas
Builder

How do I search for unwanted user account or saved searches added by Hackers in Splunk Ent. / ES

Labels (1)
Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Get a list of users using

| rest /services/authentication/users

It's up to you to figure out which are unwanted.

Search for saved searches this way:

| rest /servicesNS/-/-/saved/searches

then filter as necessary to locate Hackers.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

You asked, we delivered. Splunk Observability Cloud has several new innovations giving you deeper visibility ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...