Alerting

Can anyone please help to create a DOS/DDOS alert without using any application in Splunk?

mlm
Engager

Hello guys,

Can anyone please help me to create a DOS/DDOS alert without using any application in splunk. 

For example: 

if source IPs sending thousands of TCP packets simultaneously within the 15-20 minutes or so.  

I can't seem to find any docs that related to this.

TIA

0 Karma
Get Updates on the Splunk Community!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Attention everyone! We have exciting news to share! We are recruiting new members for the Mission Possible: ...

Unify Your SecOps with Splunk Mission Control

In today’s post, I'm excited to share some recent Splunk Mission Control innovations. With Splunk Mission ...

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...