Re: Alert Connection VPN from foreign

quangtran · ‎02-23-2022

how to create an alert detect when there is a VPN connecting from the outside

ITWhisperer · ‎02-23-2022

What data do you have in your events?

How do you identify if the connection is from "outside"?

gcusello · ‎02-23-2022

your rerquest is a little vague, could you share more information, some example of your logs and a description of the values to understand sender (src-ip, username, ect...)?

Ciao.

Giuseppe

gcusello · ‎08-09-2022

Hi @quangtran,

if one answer solves your need, please accept one answer for the other people of Community or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors;-)

quangtran · ‎08-09-2022

sorry, because this warning does not have enough log sources at the moment, i have not continued writing

gcusello · ‎08-09-2022

Hi @quangtran,

ok, let us know if we can help you more.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated by all the Contributors 😉

How to create an Alert Connection VPN from foreign source

alert action

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join the Conversation

How to create an Alert Connection VPN from foreign source

alert action

Unlock Database Monitoring with Splunk Observability Cloud

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk