faststeak/gist:824a9bad9b0a0784f51ed9767b6e9810

Created May 20, 2019 16:21

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/faststeak/824a9bad9b0a0784f51ed9767b6e9810.js"></script>
Save faststeak/824a9bad9b0a0784f51ed9767b6e9810 to your computer and use it in GitHub Desktop.

Download ZIP

Splunk Endpoint DM search for regsvr32.exe activity

Raw

gistfile1.txt

| tstats summariesonly=true allow_old_summaries=true count from datamodel=Endpoint.Processes where Processes.process_name="regsvr32.exe" by _time  Processes.dest Processes.parent_process Processes.process span=15m

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment