Query of the Week

Stay in the loop with our query of the week.
Check for "Bouncing" Ingesters

This query checks the logs in the Gravwell tag for ingester connect/disconnect events and charts the frequency of these events per ingester. If you see an ingester disconnecting and reconnecting...
Query
04.19.2021

Show Last Set of MSI Executions Per Computer

This query will show the last set of MSI installers that were fired on each computer. tag=windows winlog Provider==MsiInstaller EventID==1040 Computer EventData | regex -e EventData...
Query
04.09.2021

100 Years of Corn Prices

For this query, we used a CSV from data.gov that covers grain prices over 100 years. We add the CSV as a resource, and use dump and compound queries to create a parsable date field, put the data into...
Query
04.05.2021

Show How Long Each Application is Listening to the Microphone

This week's Query of the Week uses Sysmon logs to see when applications access the microphone, then displays a table for each. tag=sysmon winlog Provider=="Microsoft-Windows-Sysmon" EventID==13...
Query
03.29.2021

Pointmap of usernames logging into F5 boxes via latest RCE

This query provides a pointmap of usernames successfully logging into F5 boxes via the latest RCE: tag= words User successfully logged | regex "User (?P\S+) successfully logged in from (?P\S+) using"...
Query
03.22.2021