Alerting

How to create an Alert Connection VPN from foreign source

quangtran
Explorer

how to create an alert detect when there is a VPN connecting from the outside

Labels (1)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What data do you have in your events?

How do you identify if the connection is from "outside"?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @quangtran,

your rerquest is a little vague, could you share more information, some example of your logs and a description of the values to understand sender (src-ip, username, ect...)?

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @quangtran,

if one answer solves your need, please accept one answer for the other people of Community or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors;-)

0 Karma

quangtran
Explorer

sorry, because this warning does not have enough log sources at the moment, i have not continued writing 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @quangtran,

ok, let us know if we can help you more.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors 😉

0 Karma
Get Updates on the Splunk Community!

Video | Welcome Back to Smartness, Pedro

Remember Splunk Community member, Pedro Borges? If you tuned into Episode 2 of our Smartness interview series, ...

Detector Best Practices: Static Thresholds

Introduction In observability monitoring, static thresholds are used to monitor fixed, known values within ...

Expert Tips from Splunk Education, Observability in Action, Plus More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...