IIS: 401 and 403 errors

IIS
Ronald (Access42)
0 0

Get an overview of 401 and 403 errors, an increase might be an IoC.

<code>index=* sourcetype="ms:iis:default" sc_status=401 OR sc_status=403 |table _time, sc_status, sc_substatus, uri_path | timechart count by sc_status</code>

1	<code>index=* sourcetype="ms:iis:default" sc_status=401 OR sc_status=403 \|table _time, sc_status, sc_substatus, uri_path \| timechart count by sc_status</code>

Splunk Query Repository

IIS: 401 and 403 errors

Leave A Comment? Click here to cancel reply.

Splunk Query Repository

IIS: 401 and 403 errors

Related Queries

IIS: Indicators of directory traversal, RFI and LFI

IIS: 404 errors

IIS: Indicators of XSS and SQLi attacks

Leave A Comment? Click here to cancel reply.