Investigating Systems – Splunk Lantern

Processes launched from randomized file paths
Source types available
Time elapsed between two related events
Command line string length
File added to the system through external media
File downloaded to a machine from a website
MD5 hash of an uploaded file
Removable devices connected to a machine
Suspicious script in the command line

The information provided in Splunk Lantern is intended for informational and educational purposes only. All information is provided in good faith, however, Splunk disclaims any and all representations and warranties, express and implied, regarding the information provided, including without limitation any warranties and representations regarding the completeness, adequacy or accuracy of the information. You agree to take full responsibility for the results arising from the use of the information provided.