Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About k115
k115
Engager
Member since:
11-13-2022
12-14-2022
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 11-13-2022 |
Activity Feed
- Posted How to gather total amount of traffic from the Radware DDOS app? on Splunk Enterprise Security. 12-14-2022 05:57 PM
- Tagged How to gather total amount of traffic from the Radware DDOS app? on Splunk Enterprise Security. 12-14-2022 05:57 PM
- Tagged How to gather total amount of traffic from the Radware DDOS app? on Splunk Enterprise Security. 12-14-2022 05:57 PM
- Tagged How to gather total amount of traffic from the Radware DDOS app? on Splunk Enterprise Security. 12-14-2022 05:57 PM
- Posted Web application firewall use case: How to find top targeted domain on my domain? on Splunk Enterprise Security. 12-14-2022 05:14 AM
- Tagged Web application firewall use case: How to find top targeted domain on my domain? on Splunk Enterprise Security. 12-14-2022 05:14 AM
- Tagged Web application firewall use case: How to find top targeted domain on my domain? on Splunk Enterprise Security. 12-14-2022 05:14 AM
- Posted How to lookup the external ip type, with threat intelligence lookup by splunk search query? on Splunk Enterprise Security. 12-04-2022 09:00 PM
- Posted DLP use cases to monitor privileged access employees who can transfer files form internal to external network? on All Apps and Add-ons. 11-20-2022 09:00 PM
- Posted Mcafee EPO: how to search dlp agents not installed on a system? on All Apps and Add-ons. 11-20-2022 07:36 PM
- Posted Re: Splunk tstat with firewall on Splunk Search. 11-14-2022 02:49 PM
- Posted How to create a query to identify blocked IP's by firewall and the reason? on Splunk Search. 11-13-2022 07:49 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
12-14-2022
05:57 PM
Hi guys, I have configured radware DDOS app into splunk, I want gather the total amount of traffic from the DDOS app in splunk ( the traffic seems like an attack ) in GB.
the sample query like this.
index="security" sourcetype=DefensePro action="*" policy=* | 'Top_attack_types(*)'
how do I come up with this.
... View more
Labels
12-14-2022
05:14 AM
Hi Team, I am working on web application firewall related use case, I wanna find out top targeted domain on my domain. I just try to work with index=netwaf Example: my domain is example.com, so there is a bunch of subdomains, So I just want to find top targeted domains with traffic size ( if it is malicious would be great ) please I need help quickly.
... View more
Labels
- Labels:
-
correlation search
-
investigation
12-04-2022
09:00 PM
Hi, I have to create use case related to blocked ip's by external to internal network. I can create search query for that, but the question is I wanna lookup the external ip type, with threat intelligence lookup by splunk search query. so can I use ip_intel for that, or any other method do you have guys, just and example, x.x.x.x ip blocked by firewall can lookup with splunk,so how to identify the ip belong to threat or threat category.
... View more
Labels
11-20-2022
09:00 PM
I need to monitor privileged access employees who can transfer files form internal to external network. Prvileged access employees include local admins, unlimited internet access users, employees who can use usb flash drive and send emails to external
I need it it from DLP , please guys, help me how to do it with splunk.
... View more
Labels
- Labels:
-
configuration
-
dashboard
-
development
-
search
11-20-2022
07:36 PM
Hi I want to look up, DLP agent not installed on a system,
index = mcafee_epo sourcetype = mcafee:epo:syslog source = mcafee:epo:syslog how to do I search dlp agents not installed on a system.
... View more
- Tags:
- splunk-search
Labels
- Labels:
-
configuration
-
dashboard
-
troubleshooting
11-14-2022
02:49 PM
HI yuanliu, Thanks for the update me, usually I want to lookup the what are the external IP addresses blocked by firewall, so I usually run this query: index=* sourcetype="pan:traffic" OR sourcetype="cisco:asa" OR sourcetype="imperva:waf" action=blocked (src!=x.x.x.x AND src!=x.x.x.x/18) | stats count by src, dest, sourcetype, action | table src, dest, sourcetype, action so, I wanna upgrade this query or another query to see, why is this IP blocked by firewall, its could be bruteforce, any other threat, web related attack and so on, from above query I can see the field called description, but its not useful, so wanna any ideas or queries.
... View more
11-13-2022
07:49 PM
Hi, I am working with firewall logs in external IP's , I want to collect blocked IP's from the firewall, and blocked reason mean, why is the firewall blocked this external IP, so wanna create a query to identify blocked IP's by firewall and the reason , signature of the firewall rule, please help me into this, the tstat could be useful.
... View more
Labels
- Labels:
-
lookup
-
metadata
-
search job inspector
-
tstats
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
12-14-2022
04:54 AM
|
