Investigating Systems

  • Application switch to Active Directory multi-tenant access
  • Changes to Active Directory custom domains
  • Child processes of Spoolsv.exe
  • Command line string length
  • File added to the system through external media
  • File downloaded to a machine from a website
  • First time seen command line argument
  • First time seen Windows service
  • MD5 hash of an uploaded file
  • New application permissions granted through Active Directory
  • Newly added Active Directory credentials
  • Newly added Active Directory service principals
  • Processes launched from randomized file paths
  • Registry keys used for privilege escalation
  • Removable devices connected to a machine
  • Sc.exe manipulating Windows services
  • Source types available
  • Suspicious script in the command line
  • Time elapsed between two related events
  • Uncommon processes on an endpoint
  • Windows accessibility binary modifications
The information provided in Splunk Lantern is intended for informational and educational purposes only. All information is provided in good faith, however, Splunk disclaims any and all representations and warranties, express and implied, regarding the information provided, including without limitation any warranties and representations regarding the completeness, adequacy or accuracy of the information. You agree to take full responsibility for the results arising from the use of the information provided.
Splunk, Splunk> and Turn Data Into Doing are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.