So I took some time today and converted something I had somewhat forgotten: the post I made just over 3 years ago about detecting an infected Windows machine exhibiting wormlike behavior, now translated into Splunk search language. Don't judge me; a lot has happened between then and now.
The beauty of this detection is you just need to get logs from your domain controllers.
Wednesday, May 22, 2013
Thursday, May 9, 2013
Some queries related to Splunk administration/Deployment Server
Once again time flies /sigh. At times I wish there were more hours in the day, but that would probably just translate into more hours working. Hopefully I will get over the bubble soon (yeah right). At any rate, we had our first Columbus Splunk user group the other day. It was neat to see others in the local area and talk Splunk...at least as much as we could, since the location was a bit noisy. Figured I'd share here a few of the queries I put together in a slide deck related to using (or mostly administrating) Splunk's Deployment Server. I guess they aren't specifically related to the DS as much as to general Universal Forwarder (local Splunk agent) health, which you can control with the DS.