Coordinated Login Attack Detection with a Custom Alert Action (Splunk)
This lab pushed me a bit outside my comfort zone.
Until now, most of my Splunk work was about searches, dashboards, and alerts. Here, I wanted to answer a tougher question:
What if the attack is distributed and doesn’t come from a single IP?
That’s...
abishekvengeri.hashnode.dev