SIEM & SOC fundamentals help

blondoebb · February 29, 2024, 12:33pm

Continuing the discussion from SIEM & SOC fundamentals help:

User performing the action	User added	Group modified	Action perrmed	Action performed on	@timestamp per week	Count of records
Administrator	S-1-5-21-1518138621-4282902758-752445584-1111	Administrators	added-member-to-group	PKI.eagle.local	2023-03-06	1

when i use this date, i have a wrong result.help me

K1ND · March 19, 2024, 9:53am

Hello sir
Did you find this answer?

Jules · September 12, 2024, 2:32am

Does anyone have any answers for this question?

XVX · January 24, 2025, 2:12am

timestamp won’t work, you need to use the event.created filter and change the custom time range to 1 day, I think at least. Very unclear question.

Topic		Replies	Views
SIEM & SOC fundamentals help Academy	15	2227	September 12, 2024
SIEM Visualization Example 4: Users Added Or Removed From A Local Group (Within A Specific Timeframe) Academy question , troubleshooting , academy	6	663	January 24, 2025
SIEM Visualization Example 4 doesn't make sense Academy	6	902	October 28, 2024
Detecting Common User/Domain Recon- Splunk Academy academy	6	682	January 17, 2025
Nubilum-2 Sherlock HTB Content	10	456	June 25, 2024