Security

How do I search for unwanted user account or saved searches added by Hackers in Splunk Ent. / ES

SamHTexas
Builder

How do I search for unwanted user account or saved searches added by Hackers in Splunk Ent. / ES

Labels (1)
Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Get a list of users using

| rest /services/authentication/users

It's up to you to figure out which are unwanted.

Search for saved searches this way:

| rest /servicesNS/-/-/saved/searches

then filter as necessary to locate Hackers.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...