Created
October 31, 2017 18:11
-
-
Save faststeak/e5c777e5610606286f4d66507f0f7e8b to your computer and use it in GitHub Desktop.
Splunk - Search to generate host|interface|ip|mac table with osquery data
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| index=osquery sourcetype="osquery:interface*" NOT interface=lo | |
| | rename address AS ip | |
| | stats values(*) as * by host | |
| | stats count by host interface ip mac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment