Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About quangnm21
quangnm21
Explorer
Member since:
10-06-2023
01-19-2024
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 3 |
| Karma Received | 0 |
| Member Since | 10-06-2023 |
Activity Feed
- Posted Re: How to combine two datamodels in the tstats command? I want to merge them to capture DCOM lateral movement events. on Splunk Search. 01-16-2024 11:29 PM
- Posted How to combine two datamodels in the tstats command? I want to merge them to capture DCOM lateral movement events. on Splunk Search. 01-16-2024 09:15 PM
- Tagged How to combine two datamodels in the tstats command? I want to merge them to capture DCOM lateral movement events. on Splunk Search. 01-16-2024 09:15 PM
- Tagged How to combine two datamodels in the tstats command? I want to merge them to capture DCOM lateral movement events. on Splunk Search. 01-16-2024 09:15 PM
- Tagged How to combine two datamodels in the tstats command? I want to merge them to capture DCOM lateral movement events. on Splunk Search. 01-16-2024 09:15 PM
- Karma Re: Compare fields without wildcards for dtburrows3. 12-27-2023 08:22 AM
- Karma Re: Compare fields without wildcards for dtburrows3. 12-27-2023 08:22 AM
- Posted Re: Compare fields without wildcards on Splunk Search. 12-27-2023 08:21 AM
- Posted Re: Compare fields without wildcards on Splunk Search. 12-27-2023 08:00 AM
- Posted Compare fields without wildcards on Splunk Search. 12-27-2023 07:31 AM
- Posted Re: Splunk content on Splunk Search. 12-21-2023 02:05 AM
- Posted Splunk content on Splunk Search. 12-20-2023 09:10 PM
- Posted Re: Analyzing PowerShell logs in Splunk on Splunk Search. 10-07-2023 09:35 PM
- Karma Re: Analyzing PowerShell logs in Splunk for _JP. 10-07-2023 09:33 PM
- Posted Analyzing PowerShell logs in Splunk on Splunk Search. 10-06-2023 07:58 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
01-16-2024
11:29 PM
It did not work correctly
... View more
01-16-2024
09:15 PM
I want to combine these two events. Can anyone help me? I have tried using the join and append commands, but haven't been successful. I want to analyze data in the 'Endpoint' model to capture information related to 'mmc' and then compare the 'ID' to retrieve IP and port information from the 'Network' model.
... View more
12-27-2023
08:21 AM
@dtburrows3 ,Thank you very much; the knowledge is truly helpful.
... View more
12-27-2023
08:00 AM
Hi, @dtburrows3 I'm still having trouble understanding this query. My goal is to retrieve the file_path field in the event and compare it with a lookup file containing files that should not be deleted. If the file_path in my event matches a file in the lookup file, then the alert should be triggered. Similar to blacklisting malicious IP addresses.
... View more
12-27-2023
07:31 AM
Hello everyone, I'm a beginner in using Splunk. I'm facing an issue in finding a search solution for the following idea: I'm logging the deletion behavior of files, and I have whitelisted some important files in a lookup. If the file_path in the event matches any of the file_paths in my lookup file, then it should produce a result. Here is the initial search, and it found 2 file_paths. This is my lookup file. Here is my search, but it's not working correctly. Thank you, everyone, for reading!
... View more
12-20-2023
09:10 PM
This was my initial search. I cannot compare the two fields "srcdomain = destdomain" because when I intend to use eval my value is output as null. Thanks everyone
... View more
Labels
- Labels:
-
tstats
10-06-2023
07:58 AM
Hello everyone. I'm currently working on a lab assignment and I'm having trouble understanding the meaning of two specific fields in PowerShell log hunting. Could someone please explain these two fields to me? I would greatly appreciate it. Thank you.
... View more
Labels
- Labels:
-
stats
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-19-2024
10:54 PM
|
