Monitoring Splunk

We are trying to detect DDoS using Splunk deployed on a GCP Windows Server instance; we need help!

VashisthaPandya
New Member

So for our final-year project we have been assigned the task of implementing a DDoS and detecting it with Splunk.
Now our issue is that we are not getting any logs from Splunk's "Add Data" input option for Local Windows Network Monitoring, which seemed to work in the video I was following.

Context of the DDoS:
So we are using an hping3 TCP SYN flood attack, but its logs aren't getting in through my newly added data input source.
All the other network logs are being generated, such as traffic from my GCP machine over RDP to the server and back,
but these are the only type of logs that are showing.
Now if I were to guess the problem, it might be that there are two IPs provided to us by GCP:
an internal and an external IP.
I've attacked both, but there is no difference in the incoming logs.
I've checked the connectivity between the two VMs on GCP (i.e. Windows and Ubuntu)
using ping and telnet.
I have also turned off the Windows firewall on the RDP machine
and added a firewall rule that allows ingress TCP packets over ports 80 and 21 (which we are attacking).
So my guess ultimately is that GCP's server is blocking these types of packets.
I'm still not sure how all these things work (I'm an AI dev, you see; this is not my field).
So please help me if you can and have the time to!
THANK YOU for reading my question and taking your time to do so.

If you have any other questions that you need answered to help me, feel free to ask away as much as you guys want.


meetmshah
Builder

Hello, just checking in: was the issue resolved, or do you have any further questions?


meetmshah
Builder

Hello @VashisthaPandya, do you really want to have "real-real" traffic, or would dummy traffic work? Because you can generate dummy Windows EventCode traffic through EventGen (https://splunkbase.splunk.com/app/1924), deploy it, and focus on writing an effective search query.
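Whether the events come from real hping3 traffic or from EventGen, the detection the thread is after is a per-source rate count: many inbound TCP connection attempts from one remote address to one port within a short window. The following added example (not from this thread, Splunk, or the poster) shows that logic in Python over constructed log lines; the key=value layout and the field names are assumptions, not the actual Windows network-monitor schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed key=value layout (not the real
# Splunk WinNetMon schema): 120 connection attempts from one host to port 80
# inside one second, plus five normal RDP connections from another host.
FLOOD_SRC = "10.128.0.5"
SAMPLE_LINES = [
    f"2024-05-01T10:00:00.{i * 8:06d} Direction=inbound Protocol=tcp "
    f"RemoteAddress={FLOOD_SRC} LocalPort=80 PacketType=connect"
    for i in range(120)
] + [
    f"2024-05-01T10:00:0{i} Direction=inbound Protocol=tcp "
    "RemoteAddress=203.0.113.7 LocalPort=3389 PacketType=connect"
    for i in range(5)
]

def parse_line(line):
    """Split '<iso timestamp> k=v k=v ...' into a dict with a datetime 'ts'."""
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def detect_syn_flood(lines, window=timedelta(seconds=1), threshold=100):
    """Return [(remote_ip, local_port, peak_count)] for every source/port pair
    whose inbound TCP connection attempts exceed `threshold` within any
    sliding `window`. Ports stay strings, as parsed from the log."""
    attempts = defaultdict(list)
    for ev in map(parse_line, lines):
        if (ev.get("Direction"), ev.get("Protocol"), ev.get("PacketType")) == (
            "inbound", "tcp", "connect"
        ):
            attempts[(ev["RemoteAddress"], ev["LocalPort"])].append(ev["ts"])

    alerts = []
    for (src, port), times in attempts.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # Shrink the window from the left until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            alerts.append((src, port, peak))
    return alerts

if __name__ == "__main__":
    print(detect_syn_flood(SAMPLE_LINES))  # -> [('10.128.0.5', '80', 120)]
```

In Splunk the same logic is `bin _time span=1s | stats count by <source field> <port field> | where count > 100`, with the field names taken from whichever sourcetype actually lands in the index.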
