Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Salesforce Security Use case

tv00638481
Explorer
‎11-16-2023 11:42 PM

Hi,

I'm looking Security Use case on Salesforce application. Request to suggest if any please.

Regards

BT

Labels (2)
0 Karma
Reply

tv00638481
Explorer
‎02-06-2024 03:53 AM

I'm trying understand the below query to implement. what would be the expected result .

Any idea about this query.

https://lantern.splunk.com/Splunk_Platform/UCE/Security/Threat_Hunting/Protecting_a_Salesforce_cloud...

ROWS_PROCESSED>0 EVENT_TYPE=API OR EVENT_TYPE=BulkAPI OR EVENT_TYPE=RestAPI
|lookup lookup_sfdc_usernames USER_ID
|bucket _time span=1d 
|stats sum(ROWS_PROCESSED) AS rows BY _time Username
|stats count AS num_data_samples max(eval(if(_time >= relative_time(maxtime, "-1d@d"), 'rows',null))) AS rows avg(eval(if(_time<relative_time(maxtime,"-1d@d"),'rows',null))) AS avg stdev(eval(if(_time<relative_time(maxtime,"-1d@d"),'rows',null))) AS stdev BY Username
|eval lowerBound=(avg-stdev*2), upperBound=(avg+stdev*2)
|where 'rows' > upperBound AND num_data_samples >=7

 

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎02-08-2024 03:22 PM

on that same link, they have given a good search explanation. may i know if you read it.. may i know what confusion you have after reading that, thanks. 

0 Karma
Reply

tv00638481
Explorer
‎11-17-2023 02:36 AM

Thank you, sir, for the inputs share. Will come back if something needed.

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...