File With Samsam Extension


The search looks for file writes with extensions consistent with a SamSam ransomware attack.


File With Samsam Extension Help

You must be ingesting data that records file-system activity from your hosts to populate the Endpoint file-system data-model node. If you are using Sysmon, you will need a Splunk Universal Forwarder on each endpoint from which you want to collect data.


Open in Search