I'm getting alerts from my firewall that my Heavy Forwarder Unix box (the only program that's installed) is initiating TCP scans and sweeps. I have Universal Forwarders installed that should be pushing ...
...ormal behavior and I'm not interested in it. What is anomalous is when the system hiccups and Event B occurs before Event A in time.
I'm looking for a search that will find when Event B happens b...
I am working on Anomalous Invalid Login Attempts, where I need to detect multiple logins from the same user from different sites within a 30-minute time span, so I implemented the query below:
sourcetype=msad-s...
This Enterprise Security correlation search "Anomalous Audit Trail Activity Detected" is generating a whole bunch of false positives.
| from datamodel:"Change_Analysis"."Auditing_Changes" | w...
I am having trouble finding documentation that explicitly states Splunk's ability to perform audit reduction. I am also having difficulty finding out if Splunk meets the AU-8 requirement for a commo...
I'm seeing the error below under messages in my Splunk enterprise console:
Missing or malformed messages.conf stanza for TCPOUT:FORWARDING_BLOCKED_Indexer IP ADDress_default-autolb-group DC-Host N...