SIEM Hyper Queries: introduction, current detection methods (part I/II)
The Splunk language is very powerful. I've been writing SPL for years and I still keep discovering new ways to use it, especially when browsing the docs or the community forums trying to solve another problem.
This year, I published a query for detecting multiple flavors of password brute-force attacks using the streamstats command. That query leverages some of the characteristics of what I am calling a Splunk Hyper Query.