cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
japonter
Explorer
Member since: ‎10-10-2019
‎01-05-2022
Community Statistics
Posts 7
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎10-10-2019
Activity Feed
View All

Re: log4j vulnerable files are getting recreated a...

by in Splunk Enterprise
‎12-29-2021 01:34 PM
‎12-29-2021 01:34 PM
did you just delete the 4 paths the documents say. i have been looking for more clarification into this. as i read it just indicates to delete those 4 paths and that should be it. is this true? ... View more

SMBV1 and v1.2 tracking

by in Security
‎07-08-2021 06:58 PM
‎07-08-2021 06:58 PM
Hi, coming for help again. i am trying to track smb traffic in me network but specifically smbv1 and v1.2 since they are both vulnerable. i tried a few things in splunk but cant seem to capture specific versions of smb. any help is great. ... View more

Re: domain account search using csv and event id

by in Security
‎07-06-2021 12:42 PM
‎07-06-2021 12:42 PM
you are the man!!! the search you provided and the information helped very much. after reading what you said, i saw one problem and that the csv file the first line had to have the field i needed to compare with the logs. thats something i did have. the first line had a genered domain admin field, i had to change it yo Account_Name as a normal field seen in splunk for it to complete the search.   now im gonna try and finish the search with the eventcodes i need to monitor those accounts. i should be able to do this? add in the search specific event codes from windows to better refine the search. ... View more

domain account search using csv and event id

by in Security
‎07-06-2021 10:46 AM
‎07-06-2021 10:46 AM
Hi, i have been looking but cant seem to make much sense of it all. im new to splunk. im trying to create a search and alert from a csv file, the csv fiel contains Domain Admin account and i wanted to creat a search for a numbers of eventid on those domain admin accounts. index=win sourcetype=wineventlog EventCode=*the events im looking for* | inputlookup file.csv   but cant seem to make it work. any help would be great ... View more

Re: domain accounts search csv

by in Splunk Search
‎07-06-2021 07:24 AM
‎07-06-2021 07:24 AM
this is one of the events i want to search. the csv file are just domain admin user names. one column one row of just names. NOTE: I come from using QRadar for over 5 years, to using splunk for the first time, and i am finding it difficult to transition from one platform to another. 07/06/2021 10:11:23 AM LogName=Security EventCode=4724 EventType=0 ComputerName=Localhost.local SourceName=Microsoft Windows security auditing. Type=Information RecordNumber=13407054485 Keywords=Audit Success TaskCategory=User Account Management OpCode=Info Message=An attempt was made to reset an account's password. ... View more

Re: domain accounts search csv

by in Splunk Search
‎07-06-2021 07:02 AM
‎07-06-2021 07:02 AM
the usernames in the csv are name from a AD group called domain admin, if i search for them one by one i find there with the events id, but theres around 70 names and i want to use the csv file to make it easier to search for events with specific eventid with those names. ... View more

domain accounts search csv

by in Splunk Search
‎07-03-2021 12:29 PM
‎07-03-2021 12:29 PM
Hi, i have been looking but cant seem to make much sense of it all. im new to splunk. im trying to create a search and alert from a csv file, the csv fiel contains Domain Admin account and i wanted to creat a search for a numbers of eventid on those domain admin accounts. index=win sourcetype=wineventlog EventCode=*the events im looking for* | inputlookup file.csv   but cant seem to make it work.   any help would be great ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-05-2022 08:50 AM
Karma given to
View All