Forum Discussion

AtakanBal's avatar
AtakanBal
Icon for Bronze III rankBronze III
2 months ago

CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive

Hello community, I can't find the answer to these question

I tried using the Sigma file provided in the lab to query Splunk it returned no events. I also tried doing custom queries with using similar strings. But I never got the correct answers

Any helpis appreciated. Thanks

  • Hi AtakanBal, I hope you are doing well!

    I appreciate you raising this matter through the community. Since you raised this question, I have worked internally with our lab content team, as it did appear there were issues occurring in this particular lab.

    The team has now rolled out a fix allowing you to surface those events within the lab environment, so this should be working again without issues!

    If you continue having the same problem in the lab, please keep in touch, and I will gladly take another look.

  • MaxCucchi's avatar
    MaxCucchi
    Icon for Community Support rankCommunity Support

    Hi AtakanBal, I hope you are doing well!

    I appreciate you raising this matter through the community. Since you raised this question, I have worked internally with our lab content team, as it did appear there were issues occurring in this particular lab.

    The team has now rolled out a fix allowing you to surface those events within the lab environment, so this should be working again without issues!

    If you continue having the same problem in the lab, please keep in touch, and I will gladly take another look.

    • AtakanBal's avatar
      AtakanBal
      Icon for Bronze III rankBronze III

      Hi MaxCucchi , works fine now! Thank you and to the team for checking the issue and providing a quick fix 👏

  • TillyCorless's avatar
    TillyCorless
    Icon for Community Manager rankCommunity Manager

    Hi AtakanBal I'll raise this internally and come back to you. In the meantime, somebody else within the community may be able to help.

    Thanks!

    Tilly