Splunk Search

How to identify Windows registry key use for persistence?

TAOFernandes
Engager

Hi

I'm trying to identify the registry key used for persistence. What filter do I need to apply?

index=*

Thanks

Tony

 

0 Karma

ITWhisperer
SplunkTrust

What data do you already have in your indexes?

0 Karma

TAOFernandes
Engager

Hi,

My initial filter is index=*

What filter do I need to apply to find the persistence in the Windows registry, and also to filter for what port is listening for incoming connections? For example, a port used in a bind shell for persistence.

Can you please help?

Thanks

0 Karma

ITWhisperer
SplunkTrust

Do you have an example of the type of event you are looking for?

0 Karma