Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- index=pa sourcetype=pan:threat raw_category = "web-advertisements" src IN (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12)
- | stats count by src
- | rename src AS device.ip
- | join device.ip [search index=netvuln sourcetype=darktrace | stats values(device.hostname), values(device.macaddress), values(device.os), values(breachUrl), values(model.name), values(model.tags{}), values(triggeredComponents{}.triggeredFilters{}.trigger.value
- ), values(triggeredComponents{}.triggeredFilters{}.filterType), values(device.typename), values(device.tags{}.name) by device.ip | fields device.ip, values(device.hostname), values(device.macaddress), values(device.os), values(breachUrl), values(model.name), values(model.tags{}), values(triggeredComponents{}.triggeredFilters{}.trigger.value), values(triggeredComponents{}.triggeredFilters{}.filterType), values(device.typename), values(device.tags{}.name)]
- | sort device.ip DESC
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement