×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
David_Shoshany
Explorer
Member since: ‎07-11-2020
‎07-11-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎07-11-2020
View All

Re: Failed Login Anomalies detection - EventCode=4...

by in Dashboards & Visualizations
‎07-11-2020 04:35 AM
‎07-11-2020 04:35 AM
@gcusello  thank you. I wonder if there is a ML function that can do that for me, compare the last week to the current week and detect spikes ... View more

Re: Failed Login Anomalies detection - EventCode=4...

by in Dashboards & Visualizations
‎07-11-2020 03:43 AM
‎07-11-2020 03:43 AM
Hi i would like the query to consider the changes throughout the week in green Which mean that the threshold would be dynamic, not static (red line) ... View more

Failed Login Anomalies detection - EventCode=4625?

by in Dashboards & Visualizations
‎07-11-2020 03:13 AM
‎07-11-2020 03:13 AM
Hello I have the following fields on EventCode=4625 (failed login events), Fields: _time, Source_Network_Address,Account_Name,Workstation Name,EventCode And i want to create anomaly creation rules based on the source address field, to check if there is a relative high amount of failed login from the same source address. I am currently using a static threshold (...| where count > 50) but i want it to be dynamic to the week,weekends / morning night changes. Anyone can give me some direction or a query example? Thanks ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-11-2020 09:06 AM
Karma given to
View All