Splunk Tips and Tricks

What is this

This is where I store all my queries for threat hunting, monthly report or just daily report. Good queries is hard to find, people sell and make exculusive queries, but for me it should all be free to help young Analyst to learn all about query and stuff

Macro

You can use macro to store you complex query in Splunk

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
query_for_monthly_report		query_for_monthly_report
README.md		README.md
detect_program_download.spl		detect_program_download.spl
lateral_movement.spl		lateral_movement.spl
lsass_sus_hunting.spl		lsass_sus_hunting.spl
new_service_installed.spl		new_service_installed.spl
splunk_install_service_with_sus_path.spl		splunk_install_service_with_sus_path.spl
sus_process.spl		sus_process.spl
test_query.spl		test_query.spl

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Splunk Tips and Tricks

What is this

Macro

How to use tstats

About

Releases

Packages

Zeroska/Splunk-Queries

Folders and files

Latest commit

History

Repository files navigation

Splunk Tips and Tricks

What is this

Macro

How to use tstats

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages