Hey Splunk Community!
Working on a dashboard (for Incident Response) in Splunk but need some assistance initially with queries on the following in Splunk:
Computer or host showing if malicious
Logon info for other machines that a user has logged in for the day
IP address of machine, Location or Country, Is it a VM, and Laptop
Active Directory info on user
Remote machine name - to find out what machine was used to remote into the Server on the last incident
Need this soon, would be appreciated.
Thanks very much!