Splunk SPL 101
Views: 13
splunk
Splunk: SPL Cheat Sheet for SOC Analysts
Views: 24Splunk Cheat Sheet Query to identify failed login attempts: Query to identify privilege escalation attempts: Query to identify failed SSH attempts: Query to identify successful SSH attempts: Query to identify unusual network traffic: Query to identify suspicious processes: Query to identify brute force attacks: Query to identify privilege escalation attempts on Windows systems: Query … Read more
Investigate SQLi attacks using Splunk
Views: 46Sure! Here are a few Splunk queries that can help detect web application attacks: Note: Replace <your_index> and <your_sourcetype> with the appropriate values from your Splunk environment. Also, make sure you have the corresponding lookup tables (sql_injection_keywords.csv, xss_keywords.csv, etc.) populated with relevant attack patterns. You may need to modify the queries based on your … Read more
Splunk Threat Hunting – Windows Events
Views: 37When performing threat hunting using Splunk on Windows systems, there are several important queries you can use to identify potential threats and security incidents. Here are some examples: This query looks for event code 4688, which indicates process creation events. It filters out known Splunk-related processes to focus on potentially suspicious activities. This query … Read more