Splunk search for All network traffic
Copy
| datamodel Network_Traffic All_Traffic search | dedup All_Traffic.dest | stats count by All_Traffic.src_ip, All_Traffic.dest,All_Traffic.action
This Splunk search will provide a summary of all network traffic, including the src, dest and action. This search depends on data that has been normalized to the CIM and correctly mapped to the Network Traffic data model
0 comments
[1]
[0]
[1]
[0]
Sign in or Register to submit a comment