cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
pcyr
Engager
Member since: ‎06-19-2019
‎02-03-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎06-19-2019
Activity Feed
View All

Re: Find Multiple Users With The Same Unknown Emai...

by in Splunk Search
‎02-03-2021 05:55 AM
‎02-03-2021 05:55 AM
Thanks guys, dc worked just as it should have. ... View more

Find Multiple Users With The Same Unknown Email Su...

by in Splunk Search
‎02-03-2021 05:24 AM
‎02-03-2021 05:24 AM
Scenario: I have 10 machines infected with malware. The believed infection source is email, I am attempting to create a search to find if any emails with the same subject line or sender have been sent to all 10 individuals. Basis of search is below, I am just wondering what operator would be used to compare a field to itself and only return the results which are present in the logs of all users . index=email sourcetype=email recipient= user1 OR recipient=user2 OR recipient=user3 AND subject="unknown subject that is the same for all recipients"     ... View more
Labels

How to invoke adhoc queries

by in Splunk Enterprise Security
‎06-19-2019 11:53 AM
‎06-19-2019 11:53 AM
After installing and configuring this application I am unable to get the adaptive response to run. I continue to get teh error as follows: " "Shodan IP Lookup" could not be dispatched: ModularActionException: Invalid parameter for ad hoc modular action." Is there a format which is needed when invoking this adaptive response directly from the event and manually placing the IP into the IP lookup field? Thank you. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-03-2021 10:37 AM
Karma given to