John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints. Which of following Splunk query will help him to fetch related logs associated with process creation?

Last Updated on August 1, 2021 by Admin 1

John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints.

Which of following Splunk query will help him to fetch related logs associated with process creation?

  • index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. … ..
  • index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..
  • index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..
  • index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) … … …

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments