Solved: How does the Internal Spammers dashboard work in t...

jmccreery · ‎07-29-2014

There are three settings which can be modified in the dashboard but we haven't been able to find and definitions as to what exactly the parameters are related to and how they interact.

Minimum Messages (defaults to 80)
Message Rate (defaults to 80)
(Time)(defaults to All Time)

Opening the dashboard in a Search reveals this: 'internal-spammer'(80,80)'

jmccreery · ‎07-29-2014

Finally found what I was looking for - Internal Spammers is a Macro requiring 2 Arguments. Now that I can see the search definition it makes a bit more sense.

View solution in original post

jmccreery · ‎07-29-2014

Finally found what I was looking for - Internal Spammers is a Macro requiring 2 Arguments. Now that I can see the search definition it makes a bit more sense.

jmccreery · ‎07-29-2014

Running the internal spammers with parameters (60,60) report for a time period of 60 minutes does this:

Has any account sent to more than 60 people in the previous 60 minutes?
If so, have they sent messages at a rate of more than 60 messages per minute?
If so, send an alert.

ppablo · ‎07-29-2014

Hi @jmccreery

If you could provide more insight on your understanding beyond the definition for folks who might still be in the dark about this, feel free to share 🙂

Patrick

How does the Internal Spammers dashboard work in the Splunk App for Microsoft Exchange?

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...