-
4 years, 5 months ago
SplunkMasterFlex wrote a new post
This is a simple enough query for detecting a host with multiple infections/detections. The reason for the bucket and incorporating a search over a longer time span (say 60m) is I found it to provide better […]
-
4 years, 5 months ago
SplunkMasterFlex wrote a new post
Baselining Dashboard: This is a better and more flexible option than timewrap, in my opinion. Performance ain’t too shabby either. index=foo earliest=-1d latest=now | timechart […]
-
4 years, 5 months ago
SplunkMasterFlex wrote a new post
You can use this for any type of baselining alerts around a predefined standard deviation. I used the IDS data model but the same logic can be applied to any random index.
|`tstats` count from […]
-
4 years, 5 months ago
SplunkMasterFlex became a registered member