I need to create an automatic notification that triggers anytime one of our development team makes a change to the code for one of the web servers for our website. The specifics of the notification don't need to be complex.
Basically if/when Bob makes a change to the code for www.fakewebsite.com, I need to be notified because Bob has a tendency to forget to let others know. However, I also need to know when he makes changes to ww1.fakewebsite.com. Additionally, I also want to be notified if Tom or Harry or anyone else makes changes. So simply monitoring Bob's activity does not cover the need.
For security reasons, I can't provide specific server names or addresses, so please just use a stand in for any examples.
You need another tool such as TripWire or fsmon and Splunk the output from those: https://github.com/nowsecure/fsmon
"Basically if/when Bob makes a change to the code for www.fakewebsite.com"
Where is the code stored? Is it compiled or raw text? Assuming you have access to C:\fakepath\coderepository\code.js (or even the compiled exe), you can use this article to help you monitor for file changes: https://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesystemchangesonWindows. If properly set up, the fields Sid and User will have the information you're requesting.
How can I correlate Sid values with a specific user? Additionally, I am returning millions of results when monitoring WinEventLog:Security, is there a reliable way to filter for changes to the code?
If you can't already tell, I am quite new to Splunk and IT as a whole.
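The two follow-up questions (mapping a SID to a user, and cutting millions of WinEventLog:Security events down to code changes) are the same filtering problem. The script below is an added example, not code from any of the posters, Splunk, or the linked article. It works on constructed Windows Security file-audit events (event ID 4663, "An attempt was made to access an object") reduced to the fields the filter needs, uses stand-in web roots under C:\fakepath\, and resolves SIDs through a constructed lookup table; all of those names and SID values are assumptions for illustration. The detection logic is the part worth keeping: restrict to event 4663, restrict to object paths under the web roots (case-insensitive, with a trailing backslash so a sibling directory such as www2 does not match), keep only write-type accesses, and resolve the SID to a name with a fallback so an unknown SID is still reported rather than dropped.

```python
"""Added example: reduce Windows file-audit events to code changes under the web
roots and attribute each change to a user. All events, SIDs and paths below are
constructed stand-ins, not data from the original thread."""
from collections import Counter

# Constructed SID -> account lookup. An assumption standing in for AD, a CSV
# lookup in Splunk, or an offline SID-to-name translation.
SID_TO_USER = {
    "S-1-5-21-1111111111-2222222222-3333333333-1001": "FAKEDOMAIN\\bob",
    "S-1-5-21-1111111111-2222222222-3333333333-1002": "FAKEDOMAIN\\tom",
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
}

# Stand-in web roots for www and ww1. The trailing backslash is deliberate:
# without it "C:\fakepath\www2\" would also match the www root.
WATCHED_ROOTS = ("C:\\fakepath\\www\\", "C:\\fakepath\\ww1\\")

# Access rights in a 4663 event that change a file's content, metadata or
# existence. Read-type accesses (ReadData, ReadAttributes, ...) are excluded,
# which is what removes most of the noise in a busy Security log.
WRITE_ACCESSES = ("WriteData", "AppendData", "DELETE", "WriteAttributes", "WriteEA")

# Constructed events with the 4663 fields the filter uses (plus one 4624 logon
# event to show that unrelated event IDs are ignored).
SAMPLE_EVENTS = [
    {"EventCode": 4663, "SubjectUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1001",
     "SubjectUserName": "bob", "SubjectDomainName": "FAKEDOMAIN",
     "ObjectName": "C:\\fakepath\\www\\app.js", "Accesses": "WriteData (or AddFile)"},
    {"EventCode": 4663, "SubjectUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1001",
     "SubjectUserName": "bob", "SubjectDomainName": "FAKEDOMAIN",
     "ObjectName": "C:\\fakepath\\www\\app.js", "Accesses": "ReadData (or ListDirectory)"},
    {"EventCode": 4663, "SubjectUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1002",
     "SubjectUserName": "tom", "SubjectDomainName": "FAKEDOMAIN",
     "ObjectName": "C:\\fakepath\\ww1\\index.html", "Accesses": "DELETE"},
    {"EventCode": 4663, "SubjectUserSid": "S-1-5-18",
     "SubjectUserName": "SYSTEM", "SubjectDomainName": "NT AUTHORITY",
     "ObjectName": "C:\\Windows\\Temp\\x.tmp", "Accesses": "WriteData (or AddFile)"},
    {"EventCode": 4624, "SubjectUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1001",
     "SubjectUserName": "bob", "SubjectDomainName": "FAKEDOMAIN"},
    {"EventCode": 4663, "SubjectUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1003",
     "SubjectUserName": "harry", "SubjectDomainName": "FAKEDOMAIN",
     "ObjectName": "C:\\fakepath\\www\\config.json", "Accesses": "WriteData (or AddFile)"},
    {"EventCode": 4663, "SubjectUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1001",
     "SubjectUserName": "bob", "SubjectDomainName": "FAKEDOMAIN",
     "ObjectName": "C:\\fakepath\\www2\\other.js", "Accesses": "WriteData (or AddFile)"},
    {"EventCode": 4663, "SubjectUserSid": "S-1-5-21-1111111111-2222222222-3333333333-1001",
     "SubjectUserName": "bob", "SubjectDomainName": "FAKEDOMAIN",
     "ObjectName": "C:\\fakepath\\ww1\\site.css", "Accesses": "WriteAttributes"},
]


def under_watched_root(path, roots=WATCHED_ROOTS):
    """Case-insensitive prefix match (NTFS paths are case-insensitive)."""
    p = path.lower()
    return any(p.startswith(root.lower()) for root in roots)


def is_code_change(event):
    """True for a 4663 event that writes to, or deletes, a file under a web root."""
    if event.get("EventCode") != 4663:
        return False
    if not under_watched_root(event.get("ObjectName", "")):
        return False
    accesses = event.get("Accesses", "")
    return any(right in accesses for right in WRITE_ACCESSES)


def resolve_user(event, lookup=SID_TO_USER):
    """Map the subject SID to a name. Prefer the lookup table; otherwise use the
    account name the 4663 event itself carries next to the SID; otherwise return
    the raw SID so an unmapped account is still reported, never dropped."""
    sid = event.get("SubjectUserSid", "")
    if sid in lookup:
        return lookup[sid]
    name = event.get("SubjectUserName")
    domain = event.get("SubjectDomainName")
    if name:
        return f"{domain}\\{name}" if domain else name
    return sid or "<unknown>"


def code_changes(events):
    """(user, path, accesses) for every event that counts as a code change."""
    return [(resolve_user(e), e["ObjectName"], e["Accesses"])
            for e in events if is_code_change(e)]


def changes_per_user(events):
    """Per-user change count, the shape you would alert or report on."""
    return dict(Counter(user for user, _, _ in code_changes(events)))


if __name__ == "__main__":
    for user, path, accesses in code_changes(SAMPLE_EVENTS):
        print(f"{user}: {path} ({accesses})")
    print(changes_per_user(SAMPLE_EVENTS))
```

On the constructed events this reports four changes (two by bob, one each by tom and harry); the read, the write outside the web roots, the write under the sibling www2 directory, and the logon event are all discarded. The same four conditions translate directly into a Splunk search over the Security events: filter on the event ID, the object path prefix, and the access string, then attach the SID-to-name mapping with a lookup; on the Windows side, a SID can also be translated offline with .NET's System.Security.Principal.SecurityIdentifier.Translate from PowerShell, which is an alternative, not something the thread above describes.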