Can I use Splunk to monitor user and agent activit...

Difference · ‎01-11-2016

With multiple applications both cloud and on premise in use, I am looking for a toolset which can automate the manual process of downloading a block of system logs on a periodic basis and manually looking for anomalies. Ideally I would like system logs to be loaded and reporting generated for non compliant practices e.g. sharing passwords , using restricted websites etc ?.

pgreer_splunk · ‎01-11-2016

As Sundareshr stated, Splunk would definitely be a great tool for loading and searching your data for password sharing occurrences, access to restricted sites, etc. There would need to be data within your logs that could indicate that information (if it's not there, Splunk isn't going to make the data occur for you) or there would need to be a pattern within an event or set of events that would infer the existence of a password share and/or access to a restricted site during a session/transaction.

Download the free instance or sign up for a free Cloud instance of Splunk and give it a try! 🙂

sundareshr · ‎01-11-2016

As long as the logs have something in them regarding sharing passwords and using restricted websites, yes Splunk would be a great tool to automate the manual process of downloading logs and look for anomalies.

Can I use Splunk to monitor user and agent activity on a network to ensure adherence to policies e.g. stopping password sharing, etc?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?