Splunk Enterprise Security

Help with query to find out activity towards a particular URL

cyber_Maddy
Engager

query to find out activity towards a particular URL

eg: URL - https://www.microsoft.com/en-us/security

Labels (1)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What events do you have available to search?

What sort of activity are you trying to discover?

0 Karma

cyber_Maddy
Engager

There is a malicious website Eg: https://xxxx.xxxx.com

I just wanted to find out if anybody tried to access the URLhttps://xxxx.xxxx.com  from my organization or any communication from the malicious URL https://xxxx.xxxx.com to our network.

Firewall , Crowdstrike - are the available data

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...