# Events that contributed to offense 144 in the last 20 days, with the numeric
# qid / category / log-source ids resolved to their display names and the raw
# payload decoded as UTF-8 for reading.
SELECT
    QIDNAME(qid),
    CATEGORYNAME(highlevelcategory),
    CATEGORYNAME(category),
    LOGSOURCENAME(logsourceid),
    severity,
    sourceip,
    destinationip,
    "Filename",
    username,
    domainid,
    UTF8(payload),
    DATEFORMAT(starttime, 'YYYY-MM-dd HH:mm:ss')
FROM events
WHERE INOFFENSE(144)
LAST 20 DAYS
- -----------
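# Events that contributed to offense 50.
# Uses the same explicit projection as the offense-144 query instead of SELECT *:
# the column set is then stable and reviewable, and the raw payload is only
# included deliberately (UTF8(payload)) rather than by accident.
# No time window is given here, exactly as in the original query.
SELECT
    QIDNAME(qid),
    CATEGORYNAME(highlevelcategory),
    CATEGORYNAME(category),
    LOGSOURCENAME(logsourceid),
    severity,
    sourceip,
    destinationip,
    "Filename",
    username,
    domainid,
    UTF8(payload),
    DATEFORMAT(starttime, 'YYYY-MM-dd HH:mm:ss')
FROM events
WHERE INOFFENSE(50)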
- -----
- # other sample queries - to be use later:
# Per internal source address, how many distinct external destinations it reached
# and how many local-to-remote (L2R) events it produced in the last 24 hours.
SELECT
    sourceip,
    UNIQUECOUNT(destinationip) AS 'unique_destinations',
    COUNT(*) AS 'total events'
FROM events
WHERE eventdirection = 'L2R'
GROUP BY sourceip
ORDER BY sourceip
LAST 24 hours
# Event volume for every (username, sourceip) pair seen in the last 5 days.
SELECT
    username,
    sourceip,
    COUNT(*)
FROM events
GROUP BY username, sourceip
ORDER BY username, sourceip
LAST 5 DAYS
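# Find users who logged in from multiple systems.
# (Header kept as a comment: as a bare line it is not valid query text.)
# NOTE(review): this counts distinct source addresses over ALL events for a
# username, not only logon events; add a category/qid restriction for logon
# activity in the WHERE clause before treating the result as "logins from
# multiple systems".
SELECT
    username,
    UNIQUECOUNT(sourceip) AS count_sourceip,
    COUNT(*)
FROM events
GROUP BY username
ORDER BY count_sourceip DESC
LAST 10 DAYS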