Hi, we are just starting a proof of concept with Splunk, so appreciate that I am totally new. We are looking to do some Splunk with Tealeaf data, specifically event data. We are having challenges with Tealeaf's CEP (Complex Event Processing) to generate the file. Has anyone done this or have any advice? Thanks!
I am currently using TeaLeaf data exports into Splunk, mostly for fraud investigation and security analytics purposes, for a big financial brokerage and banking client.
We set up regular hourly and daily cxConnect log data exports into Splunk, and I also built a set of customized Splunk dashboards that allow very quick drilldown views, such as:
"show me all accounts that were accessed by this group of IP addresses" or:
"alert me when multiple accounts were accessed by the same IP / User Agent combo".
The above queries are not something TeaLeaf is capable of, and so Splunk comes in really handy as a custom security investigation dashboard solution.
I plan to write a detailed blog post about the possibilities of combining TeaLeaf with Splunk. If anyone is really interested in that, I can make it happen faster so more people will be able to share and benefit from this technology.
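The two drilldowns described in the answer above, written out as runnable detection logic. This is an added example, not the poster's dashboards and not a real cxConnect export: the line format, the field names (`ts`, `account`, `src_ip`, `user_agent`) and every sample value are constructed, and the SPL shown in the comments is the assumed Splunk equivalent for events that carry those field names.

```python
"""Two TeaLeaf-in-Splunk style investigations over constructed session events.

Added example. The key=value export format, the field names and the sample
values below are all constructed for illustration; real cxConnect exports
and real field extractions will differ.
"""
from collections import defaultdict
import shlex

# Constructed sample export: one session event per line, key=value pairs,
# values containing spaces are double-quoted.
SAMPLE_EXPORT = """\
ts=2024-01-01T09:00:01Z account=ACC-1001 src_ip=203.0.113.5 user_agent="Mozilla/5.0 (Windows NT 10.0)"
ts=2024-01-01T09:00:07Z account=ACC-1002 src_ip=203.0.113.5 user_agent="Mozilla/5.0 (Windows NT 10.0)"
ts=2024-01-01T09:01:12Z account=ACC-1003 src_ip=203.0.113.5 user_agent="Mozilla/5.0 (Windows NT 10.0)"
ts=2024-01-01T09:02:30Z account=ACC-2001 src_ip=198.51.100.9 user_agent="Mozilla/5.0 (Macintosh)"
ts=2024-01-01T09:03:45Z account=ACC-2001 src_ip=198.51.100.9 user_agent="Mozilla/5.0 (Macintosh)"
ts=2024-01-01T09:04:00Z account=ACC-3001 src_ip=192.0.2.77 user_agent="curl/8.0"
ts=2024-01-01T09:04:10Z account=ACC-1001 src_ip=192.0.2.77 user_agent="Mozilla/5.0 (X11; Linux)"
"""


def parse_events(text):
    """Parse key=value lines (shell-style quoting) into a list of dicts.

    Lines missing the account or src_ip field are dropped rather than
    allowed to produce empty groupings downstream.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = {}
        for token in shlex.split(line):
            key, _, value = token.partition("=")
            fields[key] = value
        if fields.get("account") and fields.get("src_ip"):
            events.append(fields)
    return events


def accounts_for_ips(events, ips):
    """'Show me all accounts that were accessed by this group of IP addresses.'

    Assumed SPL equivalent (field names are assumptions):
        ... | search src_ip IN (...) | stats values(account) AS accounts BY src_ip
    Returns {src_ip: sorted list of distinct accounts} for IPs in the group.
    """
    group = set(ips)
    hits = defaultdict(set)
    for ev in events:
        if ev["src_ip"] in group:
            hits[ev["src_ip"]].add(ev["account"])
    return {ip: sorted(accts) for ip, accts in hits.items()}


def shared_fingerprint_alerts(events, min_accounts=2):
    """'Alert me when multiple accounts were accessed by the same IP / User Agent combo.'

    Assumed SPL equivalent (field names are assumptions):
        ... | stats dc(account) AS n values(account) AS accounts BY src_ip, user_agent
            | where n >= 2
    Returns {(src_ip, user_agent): sorted accounts} only for combos that
    touched at least min_accounts distinct accounts.
    """
    seen = defaultdict(set)
    for ev in events:
        seen[(ev["src_ip"], ev.get("user_agent", ""))].add(ev["account"])
    return {
        combo: sorted(accts)
        for combo, accts in seen.items()
        if len(accts) >= min_accounts
    }


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EXPORT)
    print("accounts by watched IP:", accounts_for_ips(evs, ["203.0.113.5", "192.0.2.77"]))
    print("shared IP/UA alerts:", shared_fingerprint_alerts(evs))
```

On the constructed data, the IP-group query returns the accounts behind both watched addresses, while the IP/User-Agent alert fires only for 203.0.113.5 with the Windows user agent, which touched three distinct accounts. The second rule deliberately does not fire for 192.0.2.77, where two accounts arrived with two different user agents (the pattern a shared NAT egress produces), which is why the two views complement each other rather than duplicate one another.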