Splunk Search

search events from txt

cyberfan
Explorer

I have one txt file with only one column; the txt file has around 60 SHA-256 hashes. These hashes are from malicious files. I want to search the system for any hosts associated with these hashes. What would be the search string I need to pass to Splunk? Thanks


richgalloway
SplunkTrust
You have a lookup file with hash values, but does Splunk have corresponding hash values in its indexes? Without both data there can be no search.
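An added example, not part of the original thread: one way to turn the one-column txt file into a lookup file and generate the search string, provided the indexed events already carry a SHA-256 field, which is the precondition the reply above raises. The index name `endpoint`, the event field `file_hash` and the lookup file name `malicious_hashes.csv` are hypothetical and must be replaced with the names used in your environment.

```python
import csv
import io
import re

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")

def load_hashes(text):
    """Return (valid, rejected): unique lower-cased SHA-256 values and malformed lines."""
    valid, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not SHA256_RE.match(line):
            rejected.append(line)  # truncated or non-hex entries would never match
            continue
        h = line.lower()
        if h not in seen:
            seen.add(h)
            valid.append(h)
    return valid, rejected

def to_lookup_csv(hashes, column="file_hash"):
    """Render lookup CSV content; the header must equal the event field name."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow([column])
    for h in hashes:
        writer.writerow([h])
    return buf.getvalue()

def build_search(index, lookup_file, field="file_hash"):
    """SPL: the subsearch expands to field=value OR ..., then matches are grouped by host."""
    return (f'index={index} [| inputlookup {lookup_file} | fields {field}] '
            f'| stats count earliest(_time) AS first_seen latest(_time) AS last_seen '
            f'by host, {field}')

# Constructed sample input (not real indicators): two valid values,
# one upper-case duplicate, one truncated entry.
SAMPLE = "\n".join(["a" * 64, "B" * 64, "A" * 64, "deadbeef"])

if __name__ == "__main__":
    # Assumed names (hypothetical): index "endpoint", lookup "malicious_hashes.csv"
    hashes, bad = load_hashes(SAMPLE)
    print(to_lookup_csv(hashes))
    print(build_search("endpoint", "malicious_hashes.csv"))
    print("rejected:", bad)
```

Upload the generated CSV as a lookup table file before running the search. If the search returns nothing, first confirm that the hash field is actually extracted in the indexed events.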