About sfurkan

sfurkan · ‎03-26-2021

Hi, There is an alarm monitoring the 4733(A member was removed from a security-enabled local group ) events. When this alarm is triggered, I want the user to be deleted from the users.cvs lookup. how can I do it? Thanks,

sfurkan · ‎03-22-2021

One last question; How can I add a query to avoid duplicate lines in the csv file? I used the dedup command, but this does not prevent duplicate lines in the csv file.

sfurkan · ‎03-22-2021

Thanks, I want to add a row to an existing column in the csv file. Existing records in the csv file should not be deleted. For example, I want to take user information in the windows event and add it as a row. Is it not possible to do it from the "trigger actions" section?

sfurkan · ‎03-22-2021

Hi, When an alarm is triggered, I want a field inside the event (e.g user) to be added to a preexisting lookup file. How can I do? Thanks,

sfurkan · ‎02-09-2021

the field src_user that I want to query in the event. I only have "user" field in the adminuser.csv file. What does src_ip mean in the query you mentioned? Do you mean the field in the csv file?

sfurkan · ‎02-09-2021

Hi, I will create an alert that tracks Windows (event id = 4726 - A user account was deleted) events. I have a user list named "user" in the adminuser.csv file. I want to exclude these users. how can I do it? Should I use lookup or inputlookup? which one is more efficient? The following query does not return the result I want. index = wineventlog source = "WinEventLog: Security" EventCode = 4726 | search src_user NOT [ | inputlookup adminuser.csv]

Posts	6
Solutions	0
Karma Given	5
Karma Received	0
Member Since	‎02-08-2021

Online Status	Offline
Date Last Visited	‎04-05-2021 12:37 PM

delete rows from lookup

add field to lookup

csv file exclude

delete rows from lookup

Re: add field to lookup

Re: add field to lookup

add field to lookup

Re: csv file exclude

csv file exclude