...user used network connections in each hour.
the problem is that I could have parallel sessions that I cannor sum because I could have more than 60 minutes of connection in one hour and it isn't a...
Our network uses a PKI (client and server certificate) authentication system. The Splunk administrators are not allowed to open the management port (8089) to allow API queries, so I have been t...
hello, I want to track all active session(RDP) in the network and see who login which server, what is the source IP address, and the sum of minutes of the active session
I use this code found in t...
...ser login and logout with timestamp and couple of fields more.
Currently one of my network component generates multiple events for single session and send it to splunk.
Session ID remains same f...
...nd the duration the game was played. There are multiple game play sessions during the day. I want to be able to graph game play by day and week also.
I am using squid proxy and the destination t...
...ervices/search/jobs/export which requires a custom PrivateAuth using an authorization header. Since this endpoint sits behind a firewall or is on internal company's network, team exposed a diff open g...
Hello,
I am trying to form a script that will parse information to detect RDP sessions that are Daisy Chained over our network.
Example:
src=* dest=* dest_port=3389 | transaction dest s...