Like the Trojan lookup tables? How can I test if the event isn't happening?
I could set up the search for the port/protocol/name and use the email event - does anyone have an example of this?
The other issue is I can't cut and paste into a spreadsheet and move the known Trojan to a CSV file for Splunk. So it would be a lot of typing....