Splunk Search

How to search Regex to Detect CVE-2020-0688 Vulnerability?

New Member


As you know one of the latest vulnerability was CVE-2020-0688 on microsoft exchange server. so I'm trying free splunk on my lab environment and also install sysmon on microsoft exchange server and copy my sysmon evtx file to splunk for inspection log to detect above vulnerability. but i am new in splunk and want the syntax of search regex to do this.

please let me know how can i do?



Labels (4)
0 Karma

Ultra Champion


 index=yours  "CB2721ABDAF8E9DC516D621D8B8BF13A2C9E8689A25303BF" 

In the reference, static key is the signature.

0 Karma

We need more information. Please share some sample data and highlight what you would like the regex to find.
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...

Admin Console: A Single, Unified Interface for All Your Cloud Admin Needs

WATCH NOWJoin us to learn how the admin console can save you time and give you more control over the Splunk® ...