Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Anyone have a good search on Detecting anomalies in file changes?

daniel333
Builder
‎07-26-2018 05:58 PM

All,

We have Auditbeat in place as a FIM right now and it's returning great data on file system changes. But it's too much data. Anyone have some good searches that might help find anomalies?
Basically the fields are -
host
file_name
action

Right now I have about 7 days of data. I can pipe that to a Datamodel if that is helpful. Also willing, but not sure how to use the ML toolkit for this.

thanks
-Daniel

0 Karma
Reply
Get Updates on the Splunk Community!

Holistic Visibility and Effective Alerting Across IT and OT Assets

Instead of effective and unified solutions, they’re left with tool fatigue, disjointed alerts and siloed ...

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...
Top