faststeak/gist:6446828b64688d8aad211703024d619c

Created November 3, 2017 16:37

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/faststeak/6446828b64688d8aad211703024d619c.js"></script>
Save faststeak/6446828b64688d8aad211703024d619c to your computer and use it in GitHub Desktop.

Download ZIP

Splunk osquery search to get a list of ip to mac pairs

Raw

gistfile1.txt

index=osquery sourcetype=osquery:interface* NOT address=127.0.0.1 NOT address="::1" NOT mac=00:00:00:00:00:00 | stats values(address) as address values(mac) as mac by host interface | mvexpand mac |

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment