Ad slot: top
GoSplunk SPL + dashboard repository
Log in Register

SPL

Search All Traffic by src / action - Creates Table

Networking

Description

Submitted by pocketaces

This is a magical query for tracking down all internal resources connecting to or from external IPs and Countries
1 1 
src!=10.0.0.0/8 AND src!=192.168.0.0/12 AND src!=192.168.0.0/16 action="allowed"
| iplocation src 
| search Country=*
| table Country, src, action, bytes_out, packets_out 
| dedup src
| sort Country

Comments

2 total

SP
Splunker
4/14/2020

Your second src! criteria should be 172.16.0.0/12

_P
_pocketaces
4/23/2020

thanks for the catch

Leave a comment

You must log in to post a comment.

Ad slot: bottom