2026-04-13 10-02-48

15:31 4 Speakers 4 Chapters 318 segments

Chapters

  1. 0:06

    In this video, we're going to walk through a short kind of hypothetical threat hunt just to look at the threat hunting process in Splunk from a more theoretical view, including, you know, what kind of queries you can do when pivoting and th…

  2. 5:08

    have the asterisk in there for that wildcard. And we're also looking, as part of the command line that was entered in there, for the letters "enc", for encoded. We are looking for that somewhere in that command line. Now, there's many different …

  3. 6:55

    Again, there are many, many different ways to kind of build this query. This is just one option. Now, say you don't have Sysmon, because you can see with the event code equals one, that is also the name of the index. Strong indication that w…

  4. 11:57

    So remember to include the index. Just by default, start your query with index equals, and then whatever the name of the index you're looking through is. Make sure your time frame is correct on your search query. Again, that can be very fru…
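The hunt the speaker describes in chapters 2 to 4 amounts to a Splunk search of the shape `index=sysmon EventCode=1 CommandLine=*enc*` (my reconstruction of the query from the description; the `CommandLine` field name is an assumption matching how the Splunk Sysmon add-on exposes process-creation events). The Python below is an added example, not code from the video or its presenter: it runs that same filter over a handful of constructed Sysmon-style records, and then goes one step beyond the transcript by decoding the base64/UTF-16LE payload and by recognising the switch abbreviations powershell.exe accepts (`-e`, `-ec`, `-en`, `-enc`, … up to `-EncodedCommand`, with `-`, `/` or a Unicode dash as the switch prefix), which a plain `*enc*` substring search misses while it also fires on benign strings such as a script named `Encoding-Report.ps1`.

```python
"""Added example, not from the video: emulate the Splunk hunt for encoded
PowerShell over constructed Sysmon-style process-creation records.

Assumptions (not stated in the transcript): each record is a dict with
"index", "EventCode" and "CommandLine" keys, mirroring the Splunk field
names used by the Sysmon add-on. All events below are constructed samples.
"""
import base64


def _encode_ps(script: str) -> str:
    """powershell.exe -EncodedCommand expects base64 of UTF-16LE text."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


# Constructed sample telemetry (not real events).
SAMPLE_EVENTS = [
    {"index": "sysmon", "EventCode": 1,            # classic, matches *enc*
     "CommandLine": "powershell.exe -nop -w hidden -enc " + _encode_ps("Write-Host hunt")},
    {"index": "sysmon", "EventCode": 1,            # abbreviated switch, no "enc" anywhere
     "CommandLine": "powershell.exe -e " + _encode_ps("Start-Process calc")},
    {"index": "sysmon", "EventCode": 1,            # benign, but "Encoding" contains "enc"
     "CommandLine": "powershell.exe -File C:\\scripts\\Encoding-Report.ps1"},
    {"index": "sysmon", "EventCode": 3,            # network event: wrong EventCode
     "CommandLine": "powershell.exe -enc QQBBAA=="},
    {"index": "wineventlog", "EventCode": 1,       # wrong index
     "CommandLine": "powershell.exe -enc QQBBAA=="},
]

# powershell.exe treats '-', '/', and the Unicode en/em dashes as switch prefixes.
SWITCH_PREFIXES = ("-", "/", "\u2013", "\u2014")


def in_scope(event: dict) -> bool:
    """The  index=sysmon EventCode=1  part of the search: right index, process creation."""
    return event.get("index") == "sysmon" and event.get("EventCode") == 1


def naive_hunt(events: list) -> list:
    """Mirrors  index=sysmon EventCode=1 CommandLine=*enc*  (case-insensitive substring)."""
    return [e["CommandLine"] for e in events
            if in_scope(e) and "enc" in e["CommandLine"].lower()]


def decode_encoded_command(b64: str):
    """Return the decoded script, or None if the token is not valid base64/UTF-16LE."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    try:
        return raw.decode("utf-16le")
    except UnicodeDecodeError:
        return None


def is_encoded_command_switch(token: str) -> bool:
    """powershell.exe accepts any prefix of 'encodedcommand' (e, en, enc, ...) and 'ec'."""
    if not token.startswith(SWITCH_PREFIXES):
        return False
    switch = token[1:].lower()
    return bool(switch) and ("encodedcommand".startswith(switch) or switch == "ec")


def encoded_command_hunt(events: list) -> list:
    """Prefix-aware hunt: find the switch, take the next token as payload, decode it."""
    hits = []
    for e in events:
        if not in_scope(e):
            continue
        tokens = e["CommandLine"].split()
        for i, tok in enumerate(tokens[:-1]):      # a switch needs a following payload
            if is_encoded_command_switch(tok):
                hits.append({"CommandLine": e["CommandLine"],
                             "decoded": decode_encoded_command(tokens[i + 1])})
                break
    return hits


if __name__ == "__main__":
    print("substring *enc* hits:")
    for line in naive_hunt(SAMPLE_EVENTS):
        print("  ", line[:60])
    print("prefix-aware hits with decoded payload:")
    for hit in encoded_command_hunt(SAMPLE_EVENTS):
        print("  ", hit["CommandLine"][:40], "->", hit["decoded"])
```

Run against the samples, the substring search returns the `-enc` event and the benign `Encoding-Report.ps1` launch while missing the `-e` one; the prefix-aware pass returns exactly the two encoded launches together with their decoded scripts. In Splunk the same prefix logic can be expressed as a regex over the command-line field, but whatever the syntax, the transcript's advice still applies first: scope to the right index and event code, and check the time picker before trusting an empty result.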