Splunk Enterprise Security

Where do I find the macro "src_dest_tracker" listed in a Corr. search in ES to detect Spyware activity?


This posting did not let me share the search string due to it containing HTML code etc. Any advice is appreciated. Thank u 

Labels (1)
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!