All Apps and Add-ons

How to create a search that will show me any and all changes an admin made to firewalls?

theSOCguy
Explorer

Hello World, 

I am attempting to create a search in Splunk that will provide me with any and all changes an admin made to our firewalls. This is part of a "governance" task and we have logs coming from the FWs. Any pointers will be appreciated. 

Best,

AD

Labels (1)
Tags (2)
0 Karma

theSOCguy
Explorer

Been a while. Learning a lot about Splunk. I found the index and specific event code needed to make this search happen. 

index=fgt eventtype=ftnt_fortigate_config_change

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What do the events that you have coming in look like? For example, fields you have extracted from the events, or do you need help extracting the fields?

theSOCguy
Explorer

@ITWhisperer I'm sitting down with the people that configured Splunk for this network. I cant even get basic logs to pull-up via a simple search. Might be a configuration issue. I will get back to you once I have some logs to work with. 

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...