Hello all!
I'm stuck a bit, and I want to verify some points. I'm a technical guy who wants to use more professional software at home. I have a pfSense firewall with Snort, and a lot of switches, APs and so on. I want to achieve:
1) Use Splunk as a syslog server, and have all the data of my systems there.
I have created the syslog TCP/UDP ports, but do I really need a 3rd-party syslog server on the same server? I was expecting that with that config, Splunk would open the ports and play syslog server from now on. Yes, best practice is another server, but I'm a home user. Is it really not possible that Splunk does the whole job?
2) Want to upload the data to Microsoft Cloud App Security to consume it there.
I have seen the connector available, so that should not be the problem.
3) Want to use all these features for free 🙂
I have seen the 500 MB limit per day, that's OK. But are the connectors like MCAS also included here? Is the approach of downloading the Enterprise version, waiting for it to expire and then switching to Free right? I want to avoid configuring everything now and then having to install other software.
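For reference, this is what Splunk's own UDP/TCP syslog inputs look like in `inputs.conf` when no separate syslog daemon is in front of it. This is an added example, not part of the original post; the port numbers and index name are assumptions, and binding a port below 1024 requires the Splunk process to have the privileges to do so.

```ini
# $SPLUNK_HOME/etc/system/local/inputs.conf (assumed path; a dedicated app is also fine)

# Plain UDP syslog from pfSense / switches / APs.
[udp://514]
sourcetype = syslog
index = network          # assumed index; create it first or use "main"
connection_host = ip     # record the sender's IP as host
no_appending_timestamp = true   # keep the device's own timestamp, don't prepend one

# TCP syslog for devices that support it (more reliable than UDP).
[tcp://1514]
sourcetype = syslog
index = network
connection_host = ip
acceptFrom = 192.168.1.0/24   # assumed LAN range; only accept from your own network
```

After editing, restart Splunk (or use the Data Inputs page in Settings, which writes the same stanzas) and check `index=network` for events; if nothing arrives, verify the pfSense firewall rule allows the syslog port to the Splunk host.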