Getting Data In

Can I use Splunk to monitor user and agent activity on a network to ensure adherence to policies e.g. stopping password sharing, etc?

Difference
New Member

With multiple applications both cloud and on premise in use, I am looking for a toolset which can automate the manual process of downloading a block of system logs on a periodic basis and manually looking for anomalies. Ideally I would like system logs to be loaded and reporting generated for non compliant practices e.g. sharing passwords , using restricted websites etc ?.

0 Karma

pgreer_splunk
Splunk Employee
Splunk Employee

As Sundareshr stated, Splunk would definitely be a great tool for loading and searching your data for password sharing occurrences, access to restricted sites, etc. There would need to be data within your logs that could indicate that information (if it's not there, Splunk isn't going to make the data occur for you) or there would need to be a pattern within an event or set of events that would infer the existence of a password share and/or access to a restricted site during a session/transaction.

Download the free instance or sign up for a free Cloud instance of Splunk and give it a try! 🙂

0 Karma

sundareshr
Legend

As long as the logs have something in them regarding sharing passwords and using restricted websites, yes Splunk would be a great tool to automate the manual process of downloading logs and look for anomalies.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...