Stan Bradley
| append [| inputlookup append=t unmanaged_high.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName AS "Last Discovered By" | append [ inputlookup append=t unmanaged_med.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName AS "Last Discovered By"] | append [| inputlookup append=t unmanaged_low.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName AS "Last Discovered By"] | append [| inputlookup notsupported.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName AS "Last Discovered By" ] | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p") | fillnull value=null aid | eval LocalAddressIP4=mvsort(mvdedup(split(LocalAddressIP4," "))) | eval discoverer_aid=mvsort(mvdedup(split(discoverer_aid," "))) | eval aip=mvsort(mvdedup(split(aip," "))) | sort 0 -"Last Seen (UTC)" | lookup oui.csv MACPrefix OUTPUT Manufacturer, ManufacturerAddress | fillnull value=NA Manufacturer | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer) ]
|head a hundred |statistics matter earliest(_time) since the very first of the username sourcetype | eval earliest=strftime(basic,”%m/%d/%y %H:%M:%S”) | eval username=lower(username) | statistics count because of the login name sourcetype basic | dedup login name
| inputlookup managedassets.csv | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p") | sort 0 -"Last Seen (UTC)" | lookup oui.csv MACPrefix OUTPUT Manufacturer | fillnull value=NA Manufacturer | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer)
| join aid [| inputlookup aid_master where cid=* | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p") | sort 0 -"Last Seen (UTC)" | lookup oui.csv MACPrefix OUTPUT Manufacturer | fillnull value=NA Manufacturer | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer) | dedup aid]
| append [| inputlookup append=t unmanaged_high.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName AS "Last Discovered By" | append [ inputlookup append=t unmanaged_med.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName AS "Last Discovered By"] | append [| inputlookup append=t unmanaged_low.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName AS "Last Discovered By"] | append [| inputlookup notsupported.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName AS "Last Discovered By" ] | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p") | fillnull value=null aid | eval LocalAddressIP4=mvsort(mvdedup(split(LocalAddressIP4," "))) | eval discoverer_aid=mvsort(mvdedup(split(discoverer_aid," "))) | eval aip=mvsort(mvdedup(split(aip," "))) | sort 0 -"Last Seen (UTC)" | lookup oui.csv MACPrefix OUTPUT Manufacturer, ManufacturerAddress | fillnull value=NA Manufacturer | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer) ]
| append [|inputlookup aws_ec2_images.csv] | append [|inputlookup aws_ec2_hours.csv] | append [|inputlookup aws_ec2_mac_ip_browse.csv] | append [|inputlookup aws_ec2_networkacl_entries.csv] | append [|inputlookup aws_ec2_networkacls.csv] | append [|inputlookup aws_ec2_networkinterface_privateips.csv] | append [|inputlookup aws_ec2_networkinterfaces.csv] | append [|inputlookup aws_ec2_securitygroup_legislation.csv] | append [|inputlookup aws_ec2_securitygroups.csv] | append [|inputlookup aws_ec2_subnets.csv] | append [|inputlookup aws_ec2_amounts.csv] | append [|inputlookup aws_ec2_vpcs.csv] | append [|inputlookup aws_iam_account_aliases.csv]
155 | Parece | _Day |
| inputlookup managedassets.csv | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p") | sort 0 -"Last Seen (UTC)" | lookup oui.csv MACPrefix OUTPUT Manufacturer | fillnull value=NA Manufacturer | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer) | join aid [| inputlookup aid_master where cid=* | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p") | sort 0 -"Last Seen (UTC)" | lookup oui.csv MACPrefix OUTPUT Manufacturer | fillnull value=NA Manufacturer | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer) | dedup aid]
Stan Bradley
| append [| inputlookup append=t unmanaged_high.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName AS "Last Discovered By" | append [ inputlookup append=t unmanaged_med.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName AS "Last Discovered By"] | append [| inputlookup append=t unmanaged_low.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName AS "Last Discovered By"] | append [| inputlookup notsupported.csv where cid=* MACPrefix!=none LocalAddressIP4=* LocalAddressIP4!=none | rename ComputerName AS "Last Discovered By" ] | eval "Last Seen (UTC)"=strftime(_time, "%m/%d/%y %I:%M%p") | fillnull value=null aid | eval LocalAddressIP4=mvsort(mvdedup(split(LocalAddressIP4," "))) | eval discoverer_aid=mvsort(mvdedup(split(discoverer_aid," "))) | eval aip=mvsort(mvdedup(split(aip," "))) | sort 0 -"Last Seen (UTC)" | lookup oui.csv MACPrefix OUTPUT Manufacturer, ManufacturerAddress | fillnull value=NA Manufacturer | eval Manufacturer=if(Manufacturer="NA",InterfaceDescription,Manufacturer) ] |
157 | CS | ComputerName |
event_simpleName="ProcessRollup2" ComputerName=COMPUTERNAME FilePath="*Users*" OR CommandLine="*Users*" | rex field=FilePath mode=sed "s/.*\bUsers\b.(\w+)(\b.*)/\1/g" | rex field=CommandLine mode=sed "s/.*\bUsers\b.(\w+)(\b.*)/\1/g" | regex CommandLine!="(?i).\b." | regex FilePath!="(?i).\b."
Stan Bradley
I found myself fortunate enough are increased toward a farm where I had chances from an early age to help you take a look fish and trap, We spent much of my youth search squirrels, rabbits, frog gigging and you may powering turtle lines. We come deer query with my bend during the age sixteen last year marked my 35th ribbon seasons regarding woods of Kentucky inside the 1995 I decided to go to huge game book college or university in the Gunnison, Tx. I invested per year from then on going back home I already been Chicken bing search and it turned into certainly my most significant hobbies. Today I am privileged is part owner regarding an effective turkey label team . We deer see together on the fall i poultry check with her throughout the spring we bowfish with her in the summertime exactly what a great deal more could i require. |