cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
brandylee1993
Explorer
Member since: ‎08-05-2020
‎10-11-2022
Community Statistics
Posts 7
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎08-05-2020
Activity Feed
Topics I've Started
View All

Has anyone done a playbook for crowdstrike serves ...

by in Splunk SOAR (f.k.a. Phantom)
‎09-27-2022 09:46 AM
‎09-27-2022 09:46 AM
Has anyone done a playbook for crowdstrike serves stopped? Basically querying splunk for host name, etc?  If so can you please share how you have done this?   ... View more
Labels

Re: How to enrich the endpoint tickets for MacOS J...

by in Splunk SOAR (f.k.a. Phantom)
‎04-02-2021 07:14 AM
‎04-02-2021 07:14 AM
Splunk released a Phantom App for Jamf a few weeks ago. I haven't really checked out much about it yet. https://my.phantom.us/4.10/apps/?search=JAMF ... View more

Re: search for temporary users in privileged group...

by in Security
‎03-05-2021 05:13 AM
‎03-05-2021 05:13 AM
Can you set up the "| ldapsearch " command in your Splunk environment, so that it can perform LDAP queries to your AD? https://docs.splunk.com/Documentation/SA-LdapSearch/3.0.2/User/Theldapsearchcommand https://www.splunk.com/en_us/blog/tips-and-tricks/integrating-active-directory-into-splunk-with-sa-ldapsearch.html Once that is complete, you can search for users with a "accountExpires" time: | ldapsearch domain="default" search="(&(objectclass=user))" attrs="cn,displayName,title,department,whenCreated,mail,lastLogonTimestamp,accountExpires" | table cn mail displayName title department whenCreated lastLogonTimestamp accountExpires ... View more

Re: How can I update function in Phantom to handle...

by SplunkTrust in Splunk SOAR (f.k.a. Phantom)
‎09-16-2020 02:43 AM
1 Karma
‎09-16-2020 02:43 AM
1 Karma
@brandylee1993 I hope you found your answer,  but just in-case and for any others viewing this question, the handling of non-ascii needs to be handled with python `.decode()`: <value>.decode("UTF-8") The variable will be the field/data that likely contains the non-ascii text. I have seen this a lot with Phishing use cases and have had to use the .decode() a few times to get around it.  If this helped, please pop a like below. ... View more

Re: Malicious File Detection in Cloud Application"...

by in #Random
‎08-06-2020 12:27 PM
‎08-06-2020 12:27 PM
Yes ... View more

Re: Wrong Raw Log in ticket

by SplunkTrust in Splunk SOAR (f.k.a. Phantom)
‎08-05-2020 11:43 PM
‎08-05-2020 11:43 PM
I believe when you send an event to Splunk Phantom the complete results file will be forwarded to Phantom, the result may contain more than one result from same search job. This could be one of the reason. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-11-2022 11:19 AM
Karma from
View All