Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Notification for Server Code Changes

brandoncmurphy
New Member
‎09-09-2019 09:26 AM

I need to create an automatic notification that triggers anytime one of our development team makes a change to the code for one of the web servers for our website. The specifics of the notification don't need to be complex.

Basically if/when Bob makes a change to the code for www. fakewebsite. com, I need to be notified because Bob has a tendancy to forget to let others know. However, I also need to know when he makes changes to ww1. fakewebsite. com. Additionally, I also want to be notified if Tom or Harry or anyone else make changes. So simply monitoring Bob's activity does not cover the need.

For security reasons, I can't provide specific server names or addresses, so please just use a stand in for any examples.

0 Karma
Reply

woodcock
Esteemed Legend
‎09-09-2019 03:36 PM

You need another tool such as TripWire or fsmon and Splunk the output from those:
https://github.com/nowsecure/fsmon

Reply

jacobpevans
Motivator
‎09-09-2019 02:39 PM

Basically if/when Bob makes a change to the code for www. fakewebsite. com

Where is the code stored? Is it compiled or raw text? Assuming you have access to C:\fakepath\coderepository\code.js (or even the compiled exe), you can use this article to help you monitor for file changes: https://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesystemchangesonWindows. If properly set up, the fields Sid and User will have the information you're requesting.

Cheers,
Jacob

If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.
0 Karma
Reply

brandoncmurphy
New Member
‎09-10-2019 11:54 AM

How can I correlate Sid values with a specific user? Additionally, I am returning millions of results when monitoring WinEventLog:Security, is there a reliable way to filter for changes to the code?

If you can't already tell, I am quite new to Splunk and IT as a whole.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...