Untitled

a guest
Jun 19th, 2018
select QIDNAME(qid), CATEGORYNAME(highlevelcategory), CATEGORYNAME(category), LOGSOURCENAME(logsourceid), severity, sourceip, destinationip, "Filename", username, domainid, UTF8(payload), DATEFORMAT(starttime, 'YYYY-MM-dd HH:mm:ss')
from events
where INOFFENSE(144)
LAST 20 DAYS

-----------

select * from events WHERE INOFFENSE(50)

-----

# other sample queries - to be used later:

SELECT sourceip, UNIQUECOUNT(destinationip) as 'unique_destinations', COUNT(*) as 'total events' FROM events WHERE eventdirection = 'L2R' GROUP BY sourceip ORDER BY sourceip LAST 24 hours

select username, sourceip,
count(*) from events
group by username, sourceip
ORDER BY username, sourceip
last 5 DAYS

# Find users who logged in from multiple systems
select username, UNIQUECOUNT(sourceip) as count_sourceip,
count(*) from events
group by username ORDER BY count_sourceip DESC last 10 DAYS