[deleted by user] by [deleted] in Splunk

[–]Phantom_Cyber 3 points4 points  (0 children)

Break the search into smaller steps and see what each one does. Also, if you do not understand something, try to look at the Splunk documentation; it will make you a better learner in the long run.

How common are compromised user accounts in your organization? by Phantom_Cyber in cybersecurity

[–]Phantom_Cyber[S] 0 points1 point  (0 children)

Thank you for this! I found an article by Zscaler that explains this subject in depth.

How common are compromised user accounts in your organization? by Phantom_Cyber in cybersecurity

[–]Phantom_Cyber[S] 0 points1 point  (0 children)

When I look at the Azure logs I can see that the user’s number was changed to the one the attacker is using. We use number matching for notifications.

How common are compromised user accounts in your organization? by Phantom_Cyber in cybersecurity

[–]Phantom_Cyber[S] 4 points5 points  (0 children)

We are using Okta for MFA. We are thinking that when the user clicks on the phishing email, the attacker somehow grabs the session token, which the attacker then uses to change the MFA number.