Hello,
I'm new to Splunk and want to create some alerts with security context.
Does a "cookbook" or something exist showing lists of a bunch of different types of alerts with the queries/syntax?
For example (how to make):
Brute Force
Account Adds to Administrator Accounts
Abnormal Process Activity
etc.
Thanks!