Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Salesforce Security Use case

tv00638481
Explorer
‎11-16-2023 11:42 PM

Hi,

I'm looking Security Use case on Salesforce application. Request to suggest if any please.

Regards

BT

Labels (2)
0 Karma
Reply

tv00638481
Explorer
‎02-06-2024 03:53 AM

I'm trying understand the below query to implement. what would be the expected result .

Any idea about this query.

https://lantern.splunk.com/Splunk_Platform/UCE/Security/Threat_Hunting/Protecting_a_Salesforce_cloud...

ROWS_PROCESSED>0 EVENT_TYPE=API OR EVENT_TYPE=BulkAPI OR EVENT_TYPE=RestAPI
|lookup lookup_sfdc_usernames USER_ID
|bucket _time span=1d 
|stats sum(ROWS_PROCESSED) AS rows BY _time Username
|stats count AS num_data_samples max(eval(if(_time >= relative_time(maxtime, "-1d@d"), 'rows',null))) AS rows avg(eval(if(_time<relative_time(maxtime,"-1d@d"),'rows',null))) AS avg stdev(eval(if(_time<relative_time(maxtime,"-1d@d"),'rows',null))) AS stdev BY Username
|eval lowerBound=(avg-stdev*2), upperBound=(avg+stdev*2)
|where 'rows' > upperBound AND num_data_samples >=7

 

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎02-08-2024 03:22 PM

on that same link, they have given a good search explanation. may i know if you read it.. may i know what confusion you have after reading that, thanks. 

0 Karma
Reply

tv00638481
Explorer
‎11-17-2023 02:36 AM

Thank you, sir, for the inputs share. Will come back if something needed.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...