Hi,
I want to create a search query that looks for users who have received phishing emails, clicked the link, or downloaded a file from the email.
Thanks
What events do you have in Splunk to work with?
Hi,
Thanks for your reply. We have a WAF and firewall and ingest their logs in Splunk.
Regards,
WAF and firewall are typically _not_ solutions associated with email traffic or users' web-related behaviour, so you might want to reconsider your sources list.
OK, so what do those events look like? What data do they contain? Please share some anonymised examples.