SIEM Hyper Queries: introduction, current detection methods (part I/II)

The Splunk Search Processing Language (SPL) is very powerful. I've been writing SPL for years and I still keep discovering new ways to use it, usually while browsing the docs or the community forums trying to solve yet another problem.

This year, I published a query for detecting multiple flavors of password brute-force attacks using the streamstats command. That query leverages some of the characteristics of what I am calling a Splunk Hyper Query.
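To show the kind of streamstats-based brute-force detection referred to above, here is an added example; it is not the author's published query and not part of the original post. It assumes an index named `auth` whose events carry `src`, `user` and an `action` field that takes the value `failure` on a failed login; all three names are assumptions that must be mapped to your own data model.

```spl
index=auth action=failure
| streamstats time_window=5m count AS failures, dc(user) AS distinct_users BY src
| where failures >= 20
| stats min(_time) AS first_seen, max(_time) AS last_seen, max(failures) AS max_failures, max(distinct_users) AS max_distinct_users BY src
| eval flavor=if(max_distinct_users > 10, "password spraying", "single-account brute force")
| convert ctime(first_seen) ctime(last_seen)
```

The streamstats line keeps a rolling five-minute window per source address and, for every event, reports how many failures and how many distinct accounts that source has produced inside the window; `where` keeps only the events at which a source crossed 20 failures, and the final `stats` collapses those into one row per offending source. Branching on the distinct-user count is what separates a spray across many accounts from a hammering of one account; the thresholds (20 failures, 10 users) are illustrative and should be tuned per environment. Note that `time_window` requires events to arrive in time order, which is true of the default search result order but not after commands that reorder events.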

Alex Teixeira

Blueteamer. Love logz. Threat Detection Engineering & Security Analytics. Independent contractor. Opstune.com #followback