junk/spl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update splunk_alert.md

Browse Source
This commit is contained in:
junk
2025-01-12 12:05:18 -05:00
parent 81863a4b78
commit 58da7a6327
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
splunk_alert.md
View File

@ -38,3 +38,10 @@ priority=""
- jarvis_index: index=jarvis - jarvis_index: index=jarvis
- indextime: _index_earliest=-15m@m AND _index_latest=now - indextime: _index_earliest=-15m@m AND _index_latest=now
## Network Whitelist
```
table _time indextime event_description host_fqdn user_name process_path process_id process_parent_id process_command_line process_guid src_ip dst_ip dst_port src_host_name dst_host_name mitre_category mitre_technique mitre_technique_id hunting_trigger
```