I have been asked to create a dashboard for our threat hunters and would like some ideas. They want to know what they can breach off of webservers.
So far I have a table with just host we have. I also have a table with http response counts.
My question is what else should I put on there.
Hiu @SplunkerNoob ,
as I said, see in the Security Essentials App and you'll find hundreds of searches also fro threat hunting.
Ciao.
giuseppe
Hi @SplunkerNoob ,
what's your question?
if you want additional ideas, see in the Splunk Security Essentials app (https://splunkbase.splunk.com/app/3435): you'll find many ideas.
Ciao.
Giuseppe