Our SOC team thinks the hacker uploaded a file into the server. Can you find that uploaded file?
What is the first command run by our hacker?
Please help me with these questions. I tried every way but I couldn't solve it.
1 Like
Did you identify the attacker’s IP address? If not, the format is as follows: 192.168..*
You should use client IP filtering in the Splunk interface.
The format of the uploaded file is: c**.***
The first command executed is: **
NOTE: Once you find the uploaded file, you’ll immediately see the executed command next to it.
2 Likes
Thanks a lot, I missed it
1 Like
If I could be of help, I’m so glad. Take care!