How to create an alert that monitors VPN solution ...

rcastello · ‎05-23-2019

Hello,

I'm looking to create an alert that looks for and triggers when certain VPN solutions, such as GoToMyPC, VNC, etc. are utilized within our environment.

Does anyone have experience with this? I wasn't able to find any similar existing posts. Thank you.

DavidHourani · ‎05-23-2019

Hi @rcastello,

The answer is in the logs... what kind of logs are you collecting already and what applications logs are you fetching from your endpoint ?
You need to have a tool on your hosts to detect the applications that are being installed/used/removed then you can fetch the logs from there.

Cheers,
David

richgalloway · ‎05-23-2019

Do you have a tool (firewall, etc.) in place that can detect VPN use? If so, trigger the alert on events from that tool.

---
If this reply helps you, Karma would be appreciated.

How to create an alert that monitors VPN solution use?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation