How to create an Alert Connection VPN from foreign...

quangtran · ‎02-23-2022

how to create an alert detect when there is a VPN connecting from the outside

ITWhisperer · ‎02-23-2022

What data do you have in your events?

How do you identify if the connection is from "outside"?

gcusello · ‎02-23-2022

your rerquest is a little vague, could you share more information, some example of your logs and a description of the values to understand sender (src-ip, username, ect...)?

Ciao.

Giuseppe

gcusello · ‎08-09-2022

Hi @quangtran,

if one answer solves your need, please accept one answer for the other people of Community or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors;-)

quangtran · ‎08-09-2022

sorry, because this warning does not have enough log sources at the moment, i have not continued writing

gcusello · ‎08-09-2022

Hi @quangtran,

ok, let us know if we can help you more.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors 😉

How to create an Alert Connection VPN from foreign source

alert action

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?