Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Salesforce Security Use case

tv00638481
Explorer
‎11-16-2023 11:42 PM

Hi,

I'm looking Security Use case on Salesforce application. Request to suggest if any please.

Regards

BT

Labels (2)
0 Karma
Reply

tv00638481
Explorer
‎02-06-2024 03:53 AM

I'm trying understand the below query to implement. what would be the expected result .

Any idea about this query.

https://lantern.splunk.com/Splunk_Platform/UCE/Security/Threat_Hunting/Protecting_a_Salesforce_cloud...

ROWS_PROCESSED>0 EVENT_TYPE=API OR EVENT_TYPE=BulkAPI OR EVENT_TYPE=RestAPI
|lookup lookup_sfdc_usernames USER_ID
|bucket _time span=1d 
|stats sum(ROWS_PROCESSED) AS rows BY _time Username
|stats count AS num_data_samples max(eval(if(_time >= relative_time(maxtime, "-1d@d"), 'rows',null))) AS rows avg(eval(if(_time<relative_time(maxtime,"-1d@d"),'rows',null))) AS avg stdev(eval(if(_time<relative_time(maxtime,"-1d@d"),'rows',null))) AS stdev BY Username
|eval lowerBound=(avg-stdev*2), upperBound=(avg+stdev*2)
|where 'rows' > upperBound AND num_data_samples >=7

 

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎02-08-2024 03:22 PM

on that same link, they have given a good search explanation. may i know if you read it.. may i know what confusion you have after reading that, thanks. 

0 Karma
Reply

tv00638481
Explorer
‎11-17-2023 02:36 AM

Thank you, sir, for the inputs share. Will come back if something needed.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...