Alerting

How to create an alert that monitors VPN solution use?

Explorer

Hello,

I'm looking to create an alert that looks for and triggers when certain VPN solutions, such as GoToMyPC, VNC, etc. are utilized within our environment.

Does anyone have experience with this? I wasn't able to find any similar existing posts. Thank you.

0 Karma

Super Champion

Hi @rcastello,

The answer is in the logs... what kind of logs are you collecting already and what applications logs are you fetching from your endpoint ?
You need to have a tool on your hosts to detect the applications that are being installed/used/removed then you can fetch the logs from there.

Cheers,
David

SplunkTrust
SplunkTrust

Do you have a tool (firewall, etc.) in place that can detect VPN use? If so, trigger the alert on events from that tool.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!