The following is a Splunk search query that indicates potential “attacks” by source IP. Further investigation will be needed to determine accuracy of attacks.
|
1 |
sourcetype = "juniper:idp" attack* | stats count by src_ip |
Credit given to bbosearch.
