Getting Data In

Configuring Splunk with a Snare/ Windows Security Log Sourcetype

rmcdougal
Path Finder

Ok, so for reasons beyond this discussion we are unable to use the universal forwarder. So, we have decided to bring in our data using Snare. Has anyone had any experience with creating a sourcetype for snare forwarded messages?

Tags (2)
0 Karma

sdaniels
Splunk Employee
Splunk Employee

There is pretrained sourcetype for this already. Last one in the table. Just make sure to set your sourcetype manually to 'windows_snare_syslog'.

http://docs.splunk.com/Documentation/Splunk/5.0/Data/Listofpretrainedsourcetypes

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...