Good Morning
Out of interest I wondered if anyone had a Splunk Search, which clearly showed machines being mined as opposed to staff visiting sites with the word "CoinHive" in them?
I ran a search for CoinHive and came across a number of events , but I need to be more accurate in my searching to get events which are actually effecting users.
Can anyone suggest a search which will capture machines running the javaScript and so being effected ?
Thanks
David
What data are you collecting proxy logs? if so what type of proxy and does it record user agent strings?