Activity Feed
- Posted Re: How to search if a user received an email from a malicious threat actor. on Splunk Enterprise Security. 04-01-2021 03:36 PM
- Posted Re: How to search if a user received an email from a malicious threat actor. on Splunk Enterprise Security. 03-30-2021 02:31 PM
- Posted How to search if a user received an email from a malicious threat actor. on Splunk Enterprise Security. 03-30-2021 12:08 PM
- Tagged How to search if a user received an email from a malicious threat actor. on Splunk Enterprise Security. 03-30-2021 12:08 PM
Topics I've Started
04-01-2021 03:36 PM
Thanks @96nick! That did the trick.
03-30-2021 02:31 PM
Thanks Nick. To summarize, you reckon the query should look like: index=emailgt "user1@domain.com" [|inputlookup baddomains.csv | fields domains | format]? Didn't get much output from that query.
03-30-2021 12:08 PM
Hi Splunk Experts, I'm a newbie to Splunk and have been tasked with finding out if a couple of our users (e.g. user1@domain.com, user2.....) received malicious emails from a list of domains that I have now created a lookup table (baddomains.csv) for. We have an index (index=emailgt), but the challenge is preparing a search query that would parse that index to the lookup table (baddomains.csv) and then match if any of the users interacted with these bad domains. Thanks
Labels:
- incident review
- troubleshooting