Splunk Search

Splunk search to find ip suspicious address that have accessed a host

ephrem3232
Explorer

How to find ip suspicious address that have accessed a host? 

I have a list of host ip's,but I need a splunk search that will list all the Ip address that have accessed my host?

 

Thank you,

Labels (3)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

this query is dependent of log sources. Could you tell / show from which logs those events are?

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Thanks for the Memories! Splunk University, .conf24, and Community Connections

Thank you to everyone in the Splunk Community who joined us for .conf24 – starting with Splunk University and ...

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...