cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
carldipace
New Member
Member since: ‎04-04-2019
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-04-2019
Activity Feed
View All

Match IP from main search to an IP in lookup file ...

by in Splunk Search
‎05-09-2019 06:13 AM
‎05-09-2019 06:13 AM
I have my main search below. I want to match ip's from my main search to the ip's in my lookup file and output only the events that match. The lookup file field for my ip's is "host_ip" and the field in my main search is "dest_ip". index=fda_sec_suricata sourcetype=suricata (src_ip!=10.X.X.X/X AND src_ip!=172.X.X.X/X AND src_ip!=192.X.X.X/X) (host="10.X.X.X" OR host="10.X.X.X" OR host="10.X.X.X" OR host="10.X.X.X" OR host="10.X.X.X" OR host="10.X.X.X") | eval CVE_listed=if(isnotnull(reference_cve) OR like(signature,"%CVE"),1,0) | rex field=signature "CVE-(?\d+-\d+)" | eval reference_cve="CVE-".reference_cve | search (CVE_listed=1) | dedup reference_cve, src_ip, src_port, dest_ip, dest_port | table category, signature, severity, reference_cve, reference_url, src_ip, src_port, dest_dns, dest_nt_host, dest_ip, dest_port, _time ... View more

Re: Format CVE using Regex

by in Splunk Search
‎04-04-2019 07:45 AM
‎04-04-2019 07:45 AM
Thank you! That worked. ... View more

Format CVE using Regex

by in Splunk Search
‎04-04-2019 07:17 AM
‎04-04-2019 07:17 AM
I've ran a search and one of my columns in my table references CVE IDs. However, CVE IDs in that column are not in the correct CVE ID format (i.e. CVE-XXXX-XXX). My question is, is there a way to format this column using regex to put the CVE ID's in there correct format? I have provided a screen shot below. Any help would be greatly appreciated. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM