Alerting

How to create an Alert Connection VPN from foreign source

quangtran
Explorer

how to create an alert detect when there is a VPN connecting from the outside

Labels (1)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What data do you have in your events?

How do you identify if the connection is from "outside"?

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @quangtran,

your rerquest is a little vague, could you share more information, some example of your logs and a description of the values to understand sender (src-ip, username, ect...)?

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @quangtran,

if one answer solves your need, please accept one answer for the other people of Community or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors;-)

0 Karma

quangtran
Explorer

sorry, because this warning does not have enough log sources at the moment, i have not continued writing 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @quangtran,

ok, let us know if we can help you more.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors 😉

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Build and Launch AI Agents from Your Splunk Workflows

  Register We’ve all been there: juggling alerts, runbooks, and endless manual searches. What if you could ...

Splunk Cloud Application Management in Terraform

Register   On Tuesday, August 4 at 11AM PDT / 2PM EDT, we’re diving into how you can bring Infrastructure as ...

Get Agentic with Splunk Lantern: Connect to Cisco Cloud Control, Transform ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...