I'm trying to create a correlationsearch that imports a lookup table called ExpiredIdentities.csv then it takes all the entries in the Identity field and runs an independent searchfor any a...
...uthentication")` | search success>0 | xswhere failure from failures_by_src_count_1h in authentication is above medium | `settags("access")`
What I am trying to do is use this to build a SplunkEnterpriseSecurity...
Splunk 6.5.1
SplunkEnterpriseSecurity (ES) 4.2.0
I wrote the correlationsearch below (show sources that trigger more than 100 IPS alerts) which triggers nicely but I'm trying to add e...
Trying to figure out why the SplunkEnterpriseSecurity App has a savedsearch and a correlationsearchfor brute force seems redundant but probably missing a key distinction. Can someone give me s...
Hi all,
I am now researching SplunkEnterpriseSecurity. From my understanding, it is an app with some dashboard, which integrate some pre-defined correlation query, CIM and other App. I would l...
...ew of them. I'm looking for something like the "Search View matrix" in the User Guide of the SplunkEnterpriseSecurity app, but with all the correlationsearches in it.
Thanks
Miklos
