About Pablo00

Pablo00 · ‎04-25-2022

Thank you for your help. I understand that now! very much appreciated 🙂

richgalloway · ‎03-13-2022

The Splunk Security Essentials app has many use cases for detecting behaviors indicative of ransomware.

Pablo00 · ‎01-26-2022

Hello I have windows security logs on host. I remember when I just started with Splunk and I had my Splunk lab and I had some kind of security free add on ( can't remember) where I was able to see attempts on port 3389 (dashboard)

Pablo00 · ‎12-20-2021

Hello, During that crazy 4logj times I would like ask you for advise. I am new in Splunk/security but I manage to create dashboard for 4logj attemps. I can see some 4logj scanning activity and codes are 404,400 etc = I am not really worry about. But sometimes I have code 200 as I can see this mean: The HTTP 200 OK success status response code indicates that the request has succeeded. The meaning of a success depends on the HTTP request method: ... GET : The resource has been fetched and is transmitted in the message body. i added screenshot. I am wondering how to investigate it? Should i check for outband traffic? what is the best query? as far i have just one index=firewall 170.210.45.163 AND 31.131.16.127 ? this is my Uni Lab environment so i just want to develop myself and learn , what you would do if you see such a string? many thanks

Posts	8
Solutions	0
Karma Given	1
Karma Received	0
Member Since	‎12-20-2021

Online Status	Offline
Date Last Visited	‎04-25-2022 06:54 AM

Why alerts are not working?

How to investigate and contain ransomware with Spl...

check traffic -RDP connections

log4j attemps

Re: why alerts not working

Re: how to investigate and contain ransomware with...

Re: check traffic -RDP connections

log4j attemps