Alerting

Notification for Server Code Changes

brandoncmurphy
New Member

I need to create an automatic notification that triggers anytime one of our development team makes a change to the code for one of the web servers for our website. The specifics of the notification don't need to be complex.

Basically if/when Bob makes a change to the code for www.fakewebsite.com, I need to be notified because Bob has a tendency to forget to let others know. However, I also need to know when he makes changes to ww1.fakewebsite.com. Additionally, I also want to be notified if Tom or Harry or anyone else makes changes. So simply monitoring Bob's activity does not cover the need.

For security reasons, I can't provide specific server names or addresses, so please just use a stand in for any examples.

0 Karma

woodcock
Esteemed Legend

You need another tool such as TripWire or fsmon and Splunk the output from those:
https://github.com/nowsecure/fsmon

jacobpevans
Motivator

Basically if/when Bob makes a change to the code for www.fakewebsite.com

Where is the code stored? Is it compiled or raw text? Assuming you have access to C:\fakepath\coderepository\code.js (or even the compiled exe), you can use this article to help you monitor for file changes: https://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesystemchangesonWindows. If properly set up, the fields Sid and User will have the information you're requesting.

Cheers,
Jacob

If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.
0 Karma
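Added example, not part of any post in this thread and not Splunk's own code: with file auditing enabled on the code directory, the useful records in the Security log are the object-access events for that path whose access type is a write or delete, and each one carries the account name and SID together. The Python below applies that filter to constructed sample events; the event ID 4663 field layout, the SIDs and the trimmed event text are assumptions, and the path and user names are the stand-ins used above.

```python
import re

WATCHED_DIR = "c:\\fakepath\\coderepository\\"  # stand-in path from the thread
CHANGE_BITS = {0x2: "WriteData", 0x4: "AppendData", 0x10000: "DELETE"}  # not reads
# Constructed sample events (not real logs), cut down to the fields used here.
SAMPLE_EVENTS = r"""
EventCode=4663
Security ID: S-1-5-21-1111111111-2222222222-3333333333-1104
Account Name: bob
Object Name: C:\fakepath\coderepository\code.js
Access Mask: 0x2
---
EventCode=4663
Account Name: tom
Object Name: C:\fakepath\coderepository\code.js
Access Mask: 0x1
---
EventCode=4663
Security ID: S-1-5-21-1111111111-2222222222-3333333333-1106
Account Name: harry
Object Name: C:\fakepath\coderepository\lib\util.js
Access Mask: 0x10000
---
EventCode=4663
Account Name: bob
Object Name: C:\Windows\Temp\scratch.tmp
Access Mask: 0x2
---
EventCode=4624
Account Name: svc_backup
"""

def parse_event(block):  # "Key: value" and "Key=value" lines become dict entries
    return dict(re.findall(r"^\s*([A-Za-z ]+?)\s*[:=]\s*(.*\S)", block, re.M))

def code_changes(raw, watched_dir=WATCHED_DIR):
    """Return (account, sid, path, accesses) for changes under watched_dir."""
    hits = []
    for ev in map(parse_event, raw.split("---")):
        path = ev.get("Object Name", "")
        if ev.get("EventCode") != "4663" or not path.lower().startswith(watched_dir):
            continue
        mask = int(ev.get("Access Mask", "0x0"), 16)
        accesses = [name for bit, name in CHANGE_BITS.items() if mask & bit]
        if accesses:  # a read-only mask such as 0x1 matches no change bit
            hits.append((ev.get("Account Name"), ev.get("Security ID"), path, accesses))
    return hits

if __name__ == "__main__":
    print(*code_changes(SAMPLE_EVENTS), sep="\n")
```

Of the five sample events, only Bob's write and Harry's delete inside the code directory are returned; the read, the write outside the directory and the logon event are dropped.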

brandoncmurphy
New Member

How can I correlate Sid values with a specific user? Additionally, I am returning millions of results when monitoring WinEventLog:Security, is there a reliable way to filter for changes to the code?

If you can't already tell, I am quite new to Splunk and IT as a whole.

0 Karma