Does Splunk ESS include, out of the box (functionalities that do not require any additional installation), correlation rules and alerts for malware (worm, virus, etc.) activities?
Thanks in a...
...hreat Activity/Threat Group/Threat Group (malwaretriage)
Basically, I am not able to find out which feature is going to be deprecated or removed. Please su
Hi Team, I'm new to Splunk. Could you tell me how to check the different activities by listed users (ex: 10 users) from a single query: 1) password failure 2) malware operations/malicious file 3) Traffic t...
Hi,
I'm pretty new to Splunk,
I'm looking for some help with malware detection.
What would the search expression look like to detect beaconing activity from infected hosts?
my unknowns h...
I'd like to find users with activity in every 1/3/5 minute bucket in the last 24 hours as the indication of possible malware/botnet beaconing.
Let's say I have sourcetype=firewall and bytes_out/p...
...ame internal IP/ Host name (which communicated with the blacklisted IP) with Antivirus logs to check if it got infected by some malware.
Please help on this.
Is it possible to make some dynamic l...
...nformation and another search to look for activity that occurred and getting the data from both into one table with a total count of detected activity. If anyone could provide assistance or a r...
Doc Question regarding ESS
I checked out (e.g. http://www.splunk.com/view/enterprise-security-suite/SP-CAAAE8Z). It says the 50 most common security-based search correlations are built in to the E...
Hi, I am trying to find malware activity detected on vulnerable systems, so I did the subsearch as follows:
source="antivirus log" [search source="Vulnerability scanner.csv" |dedup IP,Vulnerability|r...
...P is 1.2.3.4 . Based on the observed malware let's assume I'm interested in outbound web activity to badsite[d]com from the affected host. In order to find any such traffic from this host I'd need t...