Getting Data In

What system logs are needed to deploy Splunk effectively and cover the SANS top 20? Need to determine where to deploy forwarders

jardakanian
New Member

Hi

I am deploying Splunk in an environment and would like to capture as many security aspects from the SANS top 20 as possible. I am not too technical, so I am hoping someone will be able to help me determine what type of logs I will actually need access to so I know where to deploy my forwarders.

0 Karma

Richfez
SplunkTrust

This is a big topic.

Luckily for you, Splunk has at least made an attempt at compiling some of this information for you in their "Splunk and the SANS stuff" document. That's not its real name, by the way. The document explains the SANS CSC, what they are and how Splunk can help. It also lists the Apps that Splunk has available to read the data out of the various other pieces of software, too.

You can find that document at their shortcut to SANS link which requires a free registration. You could also find that same PDF if you search using one of the better search engines for "Splunk SANS". I'm just sayin'.

I also think actual application and notes about the various CSCs would be well placed in the Splunk Wiki, because I'll bet there are a lot of people who could use the details of how to actually do this. But really, the usual difficulty is one of figuring out what needs to be done; once you've defined your needs fairly well the rest just becomes a simple technical detail.

Happy SANS hunting!

0 Karma