Compare Successful Internal Vs External Connections

This query will display a bar chart of all successful Internal vs External SSH connections. Useful for identifying any spikes in connectivity coming from within your network remit or outside of it. Simply change the CIDR matches to match your required LANs.

   

Continue Reading →

List IPs that had Successful and Failed SSH Attempts

The following query was discovered on stackoverflow. It performs the necessary regex field extractions to get a list of IPs associated with SSH login attempts.

Continue Reading →

Successful Linux Logons by Username

As stated in the title, this Splunk search query will return a list of all successful logons by user name on linux hosts. The regex is provided in the event the field is not extracted:

Continue Reading →

Count of Unique Hosts in Linux

The following splunk query example will return a unique count of hosts in a given time range *NOTE* if the host field is being autoextracted (for instance if you are using a universal forwarder) you will not need the regex command and can call upon the auto extracted fieldname of “host”

Continue Reading →

List of Hosts in a Linux Environment

The following splunk query example will return a list of hosts by hostname in a given time range. *NOTE* if the host field is being autoextracted (for instance if you are using a universal forwarder) you will not need the regex command and can call upon the auto extracted fieldname of “host”

Continue Reading →