Alerting

Can anyone please help to create a DOS/DDOS alert without using any application in Splunk?

mlm
Explorer

Hello guys,

Can anyone please help me to create a DOS/DDOS alert without using any application in splunk. 

For example: 

if source IPs sending thousands of TCP packets simultaneously within the 15-20 minutes or so.  

I can't seem to find any docs that related to this.

TIA

marioespbaires
Loves-to-Learn

Hello there,

did you find how to do it? if so, may you share it? 😄 

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Hi
To getting help you must 1st tell what you have on your splunk. Describe your log events, indexes etc.
This is doable if/when you have suitable data in splunk.
r. Ismo
0 Karma
Get Updates on the Splunk Community!

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting

Splunk is excited to announce new releases that empower ITOps and engineering teams to stay ahead in ever ...