Dashboards & Visualizations

Index, gather, and graph Firewall flows

Engager

Hi,

I'm trying to search for a way to identify firewall flows on a whole Information System.
As I want to use Splunk Power, I'm trying to know if this scenario is possible and how (with which apps):
Scenario:
- Deploy Splunk agents on firewall log collectors or servers, and routers (accept [and reject?])
- Gather & index data with Splunk
- Draw from the network IP level (logical IP view) the flows coming from one subnet to another.

Is it possible? Crazy?

Thanks in advance for your suggestions.

NB: The benefit will be to index bandwidth flow and calculate throughput too, later. But at the moment I need to know WHAT is going through my Information System 🙂

Engager

I'm trying to find clues to HOW to do that 🙂

I read an interesting paper on another method with afterflow;
the approach is similar but less powerful:
http://www.giac.org/paper/gcia/1651/visualizing-firewall-log-data-detect-security/109883

I plan to watch a webcast tonight on that subject:
http://searchsecurity.techtarget.com/video/Splunk-tutorial-demonstrates-how-to-use-Splunk-for-securi...

I found several visualization solutions with a post:

tnv - The Network Visualizer or Time-based Network Visualizer
http://tnv.sourceforge.net/

INAV - Interactive Network Active-traffic Visualization
http://inav.scaparra.com/about/abstract/

Will look deeper in them.

Don't hesitate to give your answer on this research 🙂
My position is to:
1) Index flat files into Splunk (firewall logs, router logs, etc.)
2) Then maybe integrate some other data into Splunk and visualize data FROM it. The question is HOW.

flat files ---> splunk --> graph with what app? inav? ...etc.
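The pipeline sketched in both posts (parse accept/reject events from firewall logs, roll them up into subnet-to-subnet flows, then graph them, with byte counts kept so throughput can be derived later) can be prototyped outside Splunk first to settle what the resulting graph should look like. The script below is an added example written for this thread, not code from the poster, from Splunk or from any of the linked tools. The key=value log format, the /24 subnet size and the sample lines are all constructed assumptions; a real deployment would replace the parser with the field extractions of the firewall add-on in use.

```python
"""Aggregate firewall accept/reject events into subnet-to-subnet flows.

Added example for the thread above; not code from the poster or from Splunk.
Log format, subnet size and sample lines are assumptions for illustration.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an assumed generic key=value firewall format.
SAMPLE_LOGS = """\
2013-05-02T10:00:01 action=accept src=10.1.1.15 dst=10.2.0.7 proto=tcp dport=443 bytes=5120
2013-05-02T10:00:03 action=accept src=10.1.1.22 dst=10.2.0.7 proto=tcp dport=443 bytes=2048
2013-05-02T10:00:05 action=reject src=10.1.1.15 dst=10.3.9.4 proto=tcp dport=22 bytes=0
2013-05-02T10:00:09 action=accept src=10.2.0.7 dst=10.3.9.4 proto=udp dport=53 bytes=512
2013-05-02T10:00:11 action=reject src=192.168.5.3 dst=10.2.0.7 proto=tcp dport=3389 bytes=0
2013-05-02T10:00:20 action=accept src=10.1.1.15 dst=10.2.0.7 proto=tcp dport=443 bytes=3072
this line is garbage and should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>accept|reject) src=(?P<src>\S+) dst=(?P<dst>\S+)"
    r" proto=(?P<proto>\S+) dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)


def parse_line(line):
    """Return one event as a dict, or None if the line does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["bytes"] = int(ev["bytes"])
    ev["dport"] = int(ev["dport"])
    return ev


def subnet_of(ip, prefix=24):
    """Map a host address to its enclosing /prefix network (assumed /24 by default)."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def aggregate_flows(lines, prefix=24):
    """Group events by (src_subnet, dst_subnet); count accepts/rejects, sum bytes, track time span."""
    flows = defaultdict(
        lambda: {"accept": 0, "reject": 0, "bytes": 0, "first": None, "last": None}
    )
    for line in lines.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # unparsable line: skip it rather than abort the whole run
        key = (subnet_of(ev["src"], prefix), subnet_of(ev["dst"], prefix))
        f = flows[key]
        f[ev["action"]] += 1
        f["bytes"] += ev["bytes"]
        f["first"] = ev["ts"] if f["first"] is None else min(f["first"], ev["ts"])
        f["last"] = ev["ts"] if f["last"] is None else max(f["last"], ev["ts"])
    return dict(flows)


def throughput_bps(flow):
    """Average bits per second over the flow's observed window (0.0 for a single event)."""
    span = (flow["last"] - flow["first"]).total_seconds()
    return 0.0 if span <= 0 else flow["bytes"] * 8 / span


def to_dot(flows):
    """Render the subnet graph as Graphviz DOT; edges carrying only rejected traffic are red."""
    out = ["digraph flows {"]
    for (src, dst), f in sorted(flows.items()):
        color = "red" if f["accept"] == 0 else "black"
        label = f"acc={f['accept']} rej={f['reject']} bytes={f['bytes']}"
        out.append(f'  "{src}" -> "{dst}" [label="{label}", color={color}];')
    out.append("}")
    return "\n".join(out)


if __name__ == "__main__":
    print(to_dot(aggregate_flows(SAMPLE_LOGS)))
```

Run it and pipe the output to `dot -Tpng` to get the subnet-level picture the first post asks for; the four edges from the sample show accepted traffic in black and a source that only ever gets rejected in red. Once the logs are indexed, the same roll-up is a transforming search in Splunk, for example (illustrative, assuming `src`, `dst`, `action` and `bytes` fields are already extracted): `index=firewall | eval src_net=replace(src,"\.\d+$",".0/24"), dst_net=replace(dst,"\.\d+$",".0/24") | stats count(eval(action="accept")) AS accepts count(eval(action="reject")) AS rejects sum(bytes) AS bytes by src_net dst_net`, whose result table is what a graph or chart visualization would consume.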