Techniques
Sample rules
Spectre and Meltdown Vulnerable Systems
- source: splunk
- technicques:
Description
The search is used to detect systems that are still vulnerable to the Spectre and Meltdown vulnerabilities.
Detection logic
| tstats `security_content_summariesonly` min(_time) as firstTime max(_time) as lastTime from datamodel=Vulnerabilities where Vulnerabilities.cve ="CVE-2017-5753" OR Vulnerabilities.cve ="CVE-2017-5715" OR Vulnerabilities.cve ="CVE-2017-5754" by Vulnerabilities.dest
| `drop_dm_object_name(Vulnerabilities)`
| `security_content_ctime(firstTime)`
| `security_content_ctime(lastTime)`
| `spectre_and_meltdown_vulnerable_systems_filter`