...user used network connections in each hour.
The problem is that I could have parallel sessions that I cannot sum because I could have more than 60 minutes of connection in one hour and it isn't a...
Are there plans to add support for the 'NetworkSessions' and 'Authentication' CIM data models from the Splunk_TA_paloalto Add-on for globalprotect events?
Hello, I want to track all active sessions (RDP) in the network and see who logs in to which server, what the source IP address is, and the sum of minutes of the active session
I use this code found in t...
Our network uses a PKI (client and server certificate) authentication system. The Splunk administrators are not allowed to open the management port (8089) to allow API queries, so I have been t...
...ervices/search/jobs/export which requires a custom PrivateAuth using an authorization header. Since this endpoint sits behind a firewall or is on internal company's network, team exposed a diff open g...
...ser login and logout with timestamp and couple of fields more.
Currently one of my network components generates multiple events for a single session and sends them to Splunk.
Session ID remains same f...
Hello,
I am trying to form a script that will parse information to detect RDP sessions that are Daisy Chained over our network.
Example:
src=* dest=* dest_port=3389 | transaction dest s...
We are logging information from a network security device that has multiple fields of interest. LOGIN, LOGOUT, START, and DISCONNECT messages all have unique time stamps and messages associated w...