-
4 years, 5 months ago
CattyWampus commented on the post, Weekend User Activity
In reply to: SplunkNinja wrote a new post
Run the following (modify user field as needed) to show weekend activity:
sourcetype="WinEventLog:Security" (date_wday=saturday OR date_wday=sunday) | stats count by Account_Name, date_wday
Yes, you can specify by: Account_Name="user_name_here"
-
8 years, 11 months ago
CattyWampus wrote a new post
Qualys Hosts not Scanned in 30 days+
The following Splunk Search (query) is for Qualys and will show hosts that have not been scanned in 30 days or more. This query assumes that your index is […]
-
8 years, 11 months ago
CattyWampus wrote a new post
Qualys 30 Day trending of Re-Opened Vulnerabilities
The following Splunk Search (query) is for Qualys and will show a trending over 30 days for re-opened vulnerabilities. This query assumes that your index is […]
-
8 years, 11 months ago
CattyWampus wrote a new post
Qualys Top 10 Vulnerabilities by Severity
The following Splunk Search (query) is for Qualys and will show the top 10 vulnerabilities by severity as well as a Count of […]
-
8 years, 11 months ago
CattyWampus wrote a new post
Qualys Active OS Vuln Count
The following Splunk Search (query) is for Qualys and will show vulnerability count for Windows Hosts. This query assumes that your index is defined as […]
-
10 years, 1 month ago
CattyWampus wrote a new post
This will return a table of users who conducted searches, the total time it took for searches to complete, a count of said searches, and the last time a search was conducted.
*NOTE* You will need to modify […]
-
10 years, 1 month ago
CattyWampus wrote a new post
This will return a list of users who attempted to log in to the Splunk search head. It will list both successful attempts and failed attempts.
index=_audit tag=authentication | stats count by user, info | sort - info
-
10 years, 1 month ago
CattyWampus wrote a new post
This query will search the internal audit sourcetype of Splunk and report on any user modification attempts, both success and fail.
index=_audit sourcetype=audittrail action=edit_user | eval Date=strftime(_time, […]
-
10 years, 1 month ago
CattyWampus became a registered member
index=_audit tag=authentication | dedup user | stats count by user, info timestamp | sort - info