File With Samsam Extension
The search looks for file writes with extensions consistent with a SamSam ransomware attack.
File With Samsam Extension Help
You must be ingesting data that records file-system activity from your hosts to populate the Endpoint file-system data-model node. If you are using Sysmon, you will need a Splunk Universal Forwarder on each endpoint from which you want to collect data.
Open in Search