Stan Bradley
| append [| inputlookup append=t unmanaged_higher.csv where cid=* MACPrefix!=nothing LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName Once the “Past Discovered From the”| append [ inputlookup append=t unmanaged_med.csv where cid=* MACPrefix!=nothing LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName Just like the “Past Discover From the”]| append [| inputlookup append=t unmanaged_lowest.csv where cid=* MACPrefix!=nothing LocalAddressIP4=* LocalAddressIP4!=not one | rename ComputerName Given that “Last Discover Because of the”] | append [| inputlookup notsupported.csv where cid=* MACPrefix!=nothing LocalAddressIP4=* LocalAddressIP4!=not one | rename ComputerName While the “History Receive By” ] | eval “Past Seen (UTC)”=strfgo out(_day, “%m/%d/%y %I:%M%p”) | fillnull worthy of=null aid | eval LocalAddressIP4=mvsort(mvdedup(split(LocalAddressIP4,” “))) | eval discoverer_support=mvsort(mvdedup(split(discoverer_aid,” “))) | eval aip=mvsort(mvdedup(split(aip,” “))) | types 0 -“History Seen (UTC)” | search oui.csv MACPrefix Production Brand, ManufacturerAddress | fillnull well worth=NA Manufacturer | eval Manufacturer=if(Manufacturer=”NA”,InterfaceDescription,Manufacturer) ]
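```Pipeline fragment: the base search that feeds it is not shown on the page. Per username and sourcetype it reports the earliest event time and a row count.```
```Command names and clauses are restored from garbled page text. NOTE(review): the intermediate field name `first` is inferred - confirm against the original query.```
```head 100 keeps only the first 100 events returned, so the output is a sample and not a complete list of accounts.```
| head 100
| stats count earliest(_time) as first by username sourcetype
| eval first=strftime(first, "%m/%d/%y %H:%M:%S")
| eval username=lower(username)
| stats count by username sourcetype first
| dedup username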
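```Asset inventory: rows from managedassets.csv joined on aid to the aid_master lookup, then rows from the unmanaged_* and notsupported lookups appended, each with a MAC-prefix manufacturer lookup.```
```Restored from garbled page text. NOTE(review): the lookup names aid_master, unmanaged_high.csv and unmanaged_low.csv and the column title "Last Discovered By" are reconstructed from inconsistent spellings on the page - confirm before use.```
```NOTE(review): strftime renders _time in the searching user's configured time zone, so the "(UTC)" label holds only when that preference is UTC.```
```join defaults to an inner join and, like append, runs a subsearch subject to result and time limits: a managed host with no aid_master row, or rows past a limit, drop out without an error.```
```Sorting uses raw _time; the formatted mm/dd/yy 12-hour string does not sort chronologically, which also affects which row dedup aid keeps.```
```The unmanaged_med subsearch now starts with a pipe like its siblings; without it the subsearch would run as a keyword search.```
| inputlookup managedassets.csv
| eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
| sort 0 -_time
| lookup oui.csv MACPrefix OUTPUT Manufacturer
| fillnull value=NA Manufacturer
| eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer)
| join aid
    [| inputlookup aid_master where cid=*
     | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
     | sort 0 -_time
     | lookup oui.csv MACPrefix OUTPUT Manufacturer
     | fillnull value=NA Manufacturer
     | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer)
     | dedup aid]
| append
    [| inputlookup append=t unmanaged_high.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
     | rename ComputerName as "Last Discovered By"
     | append [| inputlookup append=t unmanaged_med.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName as "Last Discovered By"]
     | append [| inputlookup append=t unmanaged_low.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName as "Last Discovered By"]
     | append [| inputlookup notsupported.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName as "Last Discovered By"]
     | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
     | fillnull value=null aid
     | eval LocalAddressIP4=mvsort(mvdedup(split(LocalAddressIP4," ")))
     | eval discoverer_aid=mvsort(mvdedup(split(discoverer_aid," ")))
     | eval aip=mvsort(mvdedup(split(aip," ")))
     | sort 0 -_time
     | lookup oui.csv MACPrefix OUTPUT Manufacturer, ManufacturerAddress
     | fillnull value=NA Manufacturer
     | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer) ]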
```Appends the rows of thirteen AWS lookup files (EC2 and IAM CSVs) to the results of the preceding search, which is not shown on the page.```
```NOTE(review): several file names look altered on this page (aws_ec2_days.csv, aws_ec2_mac_ip_browse.csv, aws_ec2_securitygroup_statutes.csv, aws_ec2_quantities.csv) - confirm each against the lookup definitions before relying on the output.```
```Each append runs as a subsearch and is subject to subsearch result and time limits, so a large lookup can be cut short without an error; check the job inspector when using this as an inventory.```
| append [|inputlookup aws_ec2_images.csv] | append [|inputlookup aws_ec2_days.csv] | append [|inputlookup aws_ec2_mac_ip_browse.csv] | append [|inputlookup aws_ec2_networkacl_entries.csv] | append [|inputlookup aws_ec2_networkacls.csv] | append [|inputlookup aws_ec2_networkinterface_privateips.csv] | append [|inputlookup aws_ec2_networkinterfaces.csv] | append [|inputlookup aws_ec2_securitygroup_statutes.csv] | append [|inputlookup aws_ec2_securitygroups.csv] | append [|inputlookup aws_ec2_subnets.csv] | append [|inputlookup aws_ec2_quantities.csv] | append [|inputlookup aws_ec2_vpcs.csv] | append [|inputlookup aws_iam_account_aliases.csv]
155 | Parece | _Big date |
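```Asset inventory: rows from managedassets.csv joined on aid to the aid_master lookup, then rows from the unmanaged_* and notsupported lookups appended, each with a MAC-prefix manufacturer lookup.```
```Restored from garbled page text. NOTE(review): the lookup names aid_master, unmanaged_high.csv and unmanaged_low.csv and the column title "Last Discovered By" are reconstructed from inconsistent spellings on the page - confirm before use.```
```NOTE(review): strftime renders _time in the searching user's configured time zone, so the "(UTC)" label holds only when that preference is UTC.```
```join defaults to an inner join and, like append, runs a subsearch subject to result and time limits: a managed host with no aid_master row, or rows past a limit, drop out without an error.```
```Sorting uses raw _time; the formatted mm/dd/yy 12-hour string does not sort chronologically, which also affects which row dedup aid keeps.```
```The unmanaged_med subsearch now starts with a pipe like its siblings; without it the subsearch would run as a keyword search.```
| inputlookup managedassets.csv
| eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
| sort 0 -_time
| lookup oui.csv MACPrefix OUTPUT Manufacturer
| fillnull value=NA Manufacturer
| eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer)
| join aid
    [| inputlookup aid_master where cid=*
     | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
     | sort 0 -_time
     | lookup oui.csv MACPrefix OUTPUT Manufacturer
     | fillnull value=NA Manufacturer
     | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer)
     | dedup aid]
| append
    [| inputlookup append=t unmanaged_high.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none
     | rename ComputerName as "Last Discovered By"
     | append [| inputlookup append=t unmanaged_med.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName as "Last Discovered By"]
     | append [| inputlookup append=t unmanaged_low.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName as "Last Discovered By"]
     | append [| inputlookup notsupported.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName as "Last Discovered By"]
     | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p")
     | fillnull value=null aid
     | eval LocalAddressIP4=mvsort(mvdedup(split(LocalAddressIP4," ")))
     | eval discoverer_aid=mvsort(mvdedup(split(discoverer_aid," ")))
     | eval aip=mvsort(mvdedup(split(aip," ")))
     | sort 0 -_time
     | lookup oui.csv MACPrefix OUTPUT Manufacturer, ManufacturerAddress
     | fillnull value=NA Manufacturer
     | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer) ] |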
157 | CS | ComputerName |
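```Reduces FilePath and CommandLine of ProcessRollup2 events on one host to the path component that follows "Users", i.e. the profile name seen in process paths. COMPUTERNAME is a placeholder for the host under review.```
```Restored from garbled page text: OR, rex field=... mode=sed, and straight quotes (typographic quotes are not valid in a search string). The parentheses only make the OR grouping explicit.```
```The sed capture is \w+, so a profile name containing a dot, hyphen or space is cut at the first such character.```
```NOTE(review): both regex filters must pass, so an event where only one of the two fields contains "Users" appears to be dropped (the other field is still a full path) - confirm this is intended.```
event_simpleName="ProcessRollup2" ComputerName=COMPUTERNAME (FilePath="*Users*" OR CommandLine="*Users*")
| rex field=FilePath mode=sed "s/.*\bUsers\b.(\w+)(\b.*)/\1/g"
| rex field=CommandLine mode=sed "s/.*\bUsers\b.(\w+)(\b.*)/\1/g"
| regex CommandLine!="(?i).\b."
| regex FilePath!="(?i).\b."
Stan Bradley
I became lucky enough getting raised toward a farm where I’d the opportunity away from a young age so you can appear fish and trap, We spent the majority of my personal youth search squirrels, rabbits, frog gigging and you may running turtle outlines. I become deer search using my ribbon within period of 16 just last year noted my 35th bow seasons from the woods of Kentucky during the 1995 I visited large game book college or university within the Gunnison, Tx. We invested per year after that coming back family We started Turkey hunting plus it became certainly my personal greatest passions. Now I’m blessed to get part-owner of a good turkey phone call team . We go deer search together with her on the slide i turkey appear together on the spring season i bowfish together with her during the summer exactly what way more is it possible to inquire about. |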