Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About zayedaljaberi
zayedaljaberi
Engager
Member since:
04-02-2020
10-01-2020
Community Statistics
| Posts | 9 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 04-02-2020 |
Activity Feed
- Karma Re: How Can I Extract Specific Email Subject Keywords? for richgalloway. 06-05-2020 12:51 AM
- Posted Re: IOC Inputlookup on Splunk Search. 05-05-2020 06:24 AM
- Posted Re: IOC Inputlookup on Splunk Search. 05-01-2020 09:42 AM
- Posted IOC Inputlookup on Splunk Search. 05-01-2020 04:04 AM
- Tagged IOC Inputlookup on Splunk Search. 05-01-2020 04:04 AM
- Posted Re: Possible Email Leakage and Auto-forwarding rules (Exchange Logs) on Splunk Enterprise Security. 04-07-2020 12:29 PM
- Posted Re: Possible Email Leakage and Auto-forwarding rules (Exchange Logs) on Splunk Enterprise Security. 04-07-2020 03:20 AM
- Posted Possible Email Leakage and Auto-forwarding rules (Exchange Logs) on Splunk Enterprise Security. 04-06-2020 11:27 PM
- Tagged Possible Email Leakage and Auto-forwarding rules (Exchange Logs) on Splunk Enterprise Security. 04-06-2020 11:27 PM
- Tagged Possible Email Leakage and Auto-forwarding rules (Exchange Logs) on Splunk Enterprise Security. 04-06-2020 11:27 PM
- Tagged Possible Email Leakage and Auto-forwarding rules (Exchange Logs) on Splunk Enterprise Security. 04-06-2020 11:27 PM
- Tagged Possible Email Leakage and Auto-forwarding rules (Exchange Logs) on Splunk Enterprise Security. 04-06-2020 11:27 PM
- Tagged Possible Email Leakage and Auto-forwarding rules (Exchange Logs) on Splunk Enterprise Security. 04-06-2020 11:27 PM
- Posted Re: How Can I Extract Specific Email Subject Keywords? on Splunk Search. 04-02-2020 01:44 PM
- Posted Re: Email from Malicious sender on Splunk Search. 04-02-2020 01:08 PM
- Posted How Can I Extract Specific Email Subject Keywords? on Splunk Search. 04-02-2020 12:11 PM
- Tagged How Can I Extract Specific Email Subject Keywords? on Splunk Search. 04-02-2020 12:11 PM
- Tagged How Can I Extract Specific Email Subject Keywords? on Splunk Search. 04-02-2020 12:11 PM
- Tagged How Can I Extract Specific Email Subject Keywords? on Splunk Search. 04-02-2020 12:11 PM
- Tagged How Can I Extract Specific Email Subject Keywords? on Splunk Search. 04-02-2020 12:11 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 |
05-05-2020
06:24 AM
Hi,
No results based on your query
to verify that i'm receiving the events in the screenshot below
... View more
05-01-2020
09:42 AM
Hi Hars,
unfortunately it didn't work, no events showed.
Would you please advice?
... View more
05-01-2020
04:04 AM
Hi ,
my goal is to detect if there is any matches with my custom Domain_IOC.csv list and display additional column for the note.
Domain_IOC.csv list includes two columns
Domain and ioc_note (example picture attached of lookup table)
I want the output to be if there was matches with domain is to include the ioc_note column as well.
Current Query I have (Which provides me the matches with domain but doesn't include ioc_note column)
index=dns sourcetype="dnslog" [|inputlookup Domain_IOC.csv |fields Domain]
| eval Date=strftime(_time, "%Y-%m-%d %H:%M:%S")
| stats values(Domain) as IOC by Date,host,Account,IP,Action
For your kind support.
... View more
- Tags:
- splunk-enterprise
04-07-2020
12:29 PM
Hi I tried it but there is not field for sessionid.
Would you please advice.?
Regards,
... View more
04-07-2020
03:20 AM
Hi @to4kawa,
I don't have filed or sample logs for auto-forwarding.
Maybe this case has been observed and identified by one of the users before. (It will be good to share)
2- Detect possible email leakage
In other hand, I would like to have query where that it will check if
specific sender sending 10 or more emails to specific recipient in 3 minutes duration.
This can give us possibility not assurance if user leaking emails.
Regards,
... View more
04-06-2020
11:27 PM
Hi all,
What I want to achieve is to identify the users that possibly leaking /auto-forwarding emails to his personal email address (e.g. gmail) based on Exchange logs
1- Detect possible Auto-forwarding rule
2- Detect possible email leakage
Company email ID: 123@123.com
Private Email ID: *@gmail.com and *@yahoo.com
1- Detect Possible Auto-Forwarding Rule
based on timestamp can I have splunk query to support me identify users that auto-forwarding ?
2- Detect possible email leakage
I want to capture if user sending 10+ emails to specific recipient using free email services e.g. gmail in duration of 3 minutes.
Sample Query
index=mail-1 sourcetype="MSExchange:*" sender=123@123.com
| search recipient IN("*@gmail","*@yahoo.com")
Thanks in Advance.
Regards,
... View more
04-02-2020
01:44 PM
Just Perfect, It worked as it should. Thanks for your prompt support
Thanks again,
... View more
04-02-2020
01:08 PM
If we assume that you want to search based on email subject from mail exchange.
index=* sourcetype="MSExchange*" message_subject="Email received from malicious sender"
| table _time, sender,recipient,message_subject
... View more
04-02-2020
12:11 PM
Good evening,
How to extract couple of subject email keywords from specific field "message_subject"
Let's consider the below three dump subject emails that the user receive/send: CEO urgent email for the invitation CEO need the request urgently secret national project
I want to have count not for the whole subject email but only to visualize the number of "secret" and "urgent" without the full subject email and count per hour
My query
index=mail-pri sourcetype="MSExchange*" sender=* OR recipient=*
| search message_subject IN ("*secret*","*urgent*")
| search NOT sender IN ("noreply@xyz.com","info@xyz.com")
| timechart span=1h count by Message_subject
The number of count I get (For example) Which is three counts CEO urgent email for the invitation CEO need the request urgently secret national project
What I want to achieve is to get count like. Urgent 2 Secret 1
for your kind support and thanks
... View more
Labels
- Labels:
-
field extraction
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-01-2020
10:01 AM
|
