When doing a hunting exercise on an ethical hack system, I'm looking for an efficient way to find the unique breadcrumbs on this system compared to all the other systems in the same time window. Suppose the EH system 1 has processes A, B, C, D, whereas all the other systems have processes A, C, D, E, F, G, H.... The result I'm looking for is process=B, which was only found on system 1. Tried with subsearches / join etc. but seem to run in circles. All help is much appreciated. Since the full population (except system 1) can be a very large dataset, it's important to make the SPL as efficient as possible.
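
One way to express the comparison described above in a single pass, added here as an example and not part of the original post. It assumes the events carry `host` and `process` fields; the index, time bounds and host name in angle brackets are placeholders to fill in.

```spl
index=<your_index> earliest=<window_start> latest=<window_end> process=*
| stats dc(host) AS host_count
        max(eval(if(host="<eh_system_1>", 1, 0))) AS on_eh_system
        BY process
| where host_count=1 AND on_eh_system=1
| fields process
```

Because `stats` aggregates on the indexers and keeps only two numbers per process, the whole population is scanned once, with no subsearch or `join` and therefore none of their result limits. With the sample data in the question, every process except B has either `host_count` greater than 1 or `on_eh_system=0`, so only B remains.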