Alerting

How to create an Alert Connection VPN from foreign source

quangtran
Explorer

How do I create an alert to detect when there is a VPN connection from the outside?

0 Karma

ITWhisperer
SplunkTrust

What data do you have in your events?

How do you identify if the connection is from "outside"?

0 Karma

gcusello
SplunkTrust

Hi @quangtran,

Your request is a little vague. Could you share more information, some examples of your logs, and a description of the values needed to understand the sender (src-ip, username, etc.)?

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust

Hi @quangtran,

If one answer solves your need, please accept that answer for the other people of the Community, or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors;-)

0 Karma

quangtran
Explorer

Sorry, because this warning does not have enough log sources at the moment, I have not continued writing.

0 Karma

gcusello
SplunkTrust

Hi @quangtran,

OK, let us know if we can help you more.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors 😉

0 Karma