Splunk as a web application security tool

logjam01 — Mon, 02 Nov 2020 01:03:41 GMT

I am relatively new to Splunk as it is really used.

My previous usage has all been ad hoc when it was made available to me for log analysis after an "event". That usage was mostly the equivalent of egrep + regular expressions. Splunk and I got the job done.

I am finally in a place where all the features of Splunk are being ( or are intended to be ) used.

I am being asked if Splunk can function as a web application security testing tool - ala BurpSuite or ZAP or Nikto or the like.

My take is no - that Splunk can perform analysis functions after the fact that can potentially reveal and alert on web application security issues - but it is not a substitute for dedicated tools of the sort previously mentioned.

Have I got this right?

Thanks!

Re: Splunk as a web application security tool

gcusello — Mon, 02 Nov 2020 07:14:35 GMT

Hi @logjam01,

Splunk isn't a scanner, Splunk is a log management and a correlation system system (in addition to an infinity of other things) so you can use it to tale the results of a scan and correlate them with its informations about different systems.

e.g.: Splunk Mission Control integrates Tenable.io to have the scan results in the same interface.

You should understand the features of Splunk to understand what to do with him and what to do integrating a different tool.

Ciao.

Giuseppe

topic Splunk as a web application security tool in Security

Splunk as a web application security tool

Re: Splunk as a web application security tool