File With Samsam Extension

Description

The search looks for file writes with extensions consistent with a SamSam ransomware attack.

   Help

File With Samsam Extension Help

You must be ingesting data that records file-system activity from your hosts to populate the Endpoint file-system data-model node. If you are using Sysmon, you will need a Splunk Universal Forwarder on each endpoint from which you want to collect data.

   Search

Open in Search