Remote Code Execution Detected in Splunk Enterprise
Nov, 21, 2023, 12:24 PM
Event ID: 201
Event Time: Nov, 21, 2023, 12:24 PM
Rule Name: SOC239 - Remote Code Execution Detected in Splunk Enterprise
Alert Type: Unauthorized Access
Real World Example:⭐ Splunk App for Lookup File Editing RCE via User XSLT
Severity: High
Security Analyst