Need help on Enterprise Security. Is there a way to create a standard TAXII Parser that can do correlation searches of logs coming from Maritime Transportation System ISAC & logs coming from S...
Hey, has anyone created a search that merges an ipadd from threat intel and ipadd from Azure so it'll trigger an alert if there's a match. Don't know if it's possible. Thanks, will appreciate any h...
...uthentication")` | search success>0 | xswhere failure from failures_by_src_count_1h in authentication is above medium | `settags("access")`
What I am trying to do is use this to build a Splunk Enterprise Security...
I'm trying to create a correlation search that imports a lookup table called ExpiredIdentities.csv then it takes all the entries in the Identity field and runs an independent search for any a...
Splunk 6.5.1
Splunk Enterprise Security (ES) 4.2.0
I wrote the correlation search below (show sources that trigger more than 100 IPS alerts) which triggers nicely but I'm trying to add e...