...uthentication")` | search success>0 | xswhere failure from failures_by_src_count_1h in authentication is above medium | `settags("access")`
What I am trying to do is use this to build a Splunk Enterprise Security...
Splunk 6.5.1
Splunk Enterprise Security (ES) 4.2.0
I wrote the correlation search below (show sources that trigger more than 100 IPS alerts), which triggers nicely, but I'm trying to add e...
I'm trying to create a correlation search that imports a lookup table called ExpiredIdentities.csv, then takes all the entries in the Identity field and runs an independent search for any a...
Trying to figure out why the Splunk Enterprise Security app has both a saved search and a correlation search for brute force. It seems redundant, but I'm probably missing a key distinction. Can someone give me s...
...ew of them. I'm looking for something like the "Search View matrix" in the User Guide of the Splunk Enterprise Security app, but with all the correlation searches in it.
Thanks
Miklos
Hi all,
I am now researching Splunk Enterprise Security. From my understanding, it is an app with some dashboards, which integrates some pre-defined correlation queries, CIM and other apps. I would l...
Hello everyone
I've just been looking into the code of the Content Management correlation searches and I couldn't understand some parts of it!
These are my questions:
What is the difference between tstats a...
Hi,
This question relates to:
- Splunk Enterprise 6.4.1
- Splunk Enterprise Security 4.1.1
I am trying to generate a list of existing correlation searches which includes the following d...