-
5 years, 2 months ago
Opeyemi Olatunji wrote a new post
index=_audit sourcetype=”incident_review”
| table rule_name comment status
| rename rule_name as “Notable Event” comment as “Closing Comment” status as Status
| eval Status=if(Status=5,”Closed”,if(Status=2,”In […] -
5 years, 2 months ago
Opeyemi Olatunji wrote a new post
Helps to investigate authentications through CISCO_ISE device. This identifies who logs in, the MAC address and IP for any use cases
index= “”
|rex field=”cisco_av_pair” […] -
5 years, 2 months ago
Opeyemi Olatunji wrote a new post
Investigate an IP through Palo Alto Logsindex= |stats c sum(bytes) as Bytes_Out by _time user application action dest_ip dest_location src_ip client_ip client_location session_end_reason […]
-
5 years, 2 months ago
Opeyemi Olatunji wrote a new post
index=_internal sourcetype=splunkd “deployment_client”
|stats latest(_time) as LatestReportTime values(server_name) as Server_Name by host |convert ctime(LatestReportTime) |rename host as Host
|fields + Host […] -
5 years, 2 months ago
Opeyemi Olatunji wrote a new post
|rest /servicesNS/-/-/saved/searches |table search title description alert_type “alert.expires” “alert.suppress” “alert.suppress.fields”
|search alert_type=”always”
|fillnull value=0 […] -
5 years, 2 months ago
Opeyemi Olatunji's profile was updated
-
5 years, 4 months ago
Opeyemi Olatunji wrote a new post
`notable`
| stats latest(lastTime) as LastTimeSeen values(rule_name) as “Rule Name” values(comment) as “Historical Analysis” values(user) as User by _time event_id, urgency
| eval LastTimeSeen=strftime(LastTimeSeen,”%+”) -
5 years, 4 months ago
Opeyemi Olatunji wrote a new post
|datamodel
|rex field=_raw “”description”:”(?w+|w+s+w+|w+s+w+s+w+|w+s+w+s+w+s+w+s+w+|w+s+w+s+w+s+w+s+w+s+w+|w+s+w+s+w+s+w+s+w+s+w+s+w+)”,”
|rex field=_raw […]
-
5 years, 4 months ago
opeolat became a registered member
-
5 years, 4 months ago
Opeyemi Olatunji became a registered member
