Security

IT Security Guys - What are YOU using splunk to display?

mrgibbon
Contributor

Hey Guys, I just wanted to find out what other IT security teams are doing with splunk.
I have a number of dashboards displaying information for us, including:

Microsoft AD - Failed logins, account lockout numbers etc

Symantec SEP - Latest alerts, figures on most infections by machine, user and malware type.

Web - number of 404's detected in the last 60 mins, 24hour. this helps with detecting folder enumeration etc.
Number of /etc/passwd attempts etc.

So, Im trying to get other ideas.
What are YOU using this great tool for?

Thanks,.

Tags (1)

agrachevBLK
Explorer

For firewalls (Checkpoints): number of accepts/denies for a particular service (port) (i.e. profiling.)
Also for baselining: log voulumes for every type of events.

frankd_
Engager

Failed login attempts, locked accounts, uncategorized website attempts (based off of Websense), outbound compressed file traffic, cleared event logs, specific query alerts, etc.

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...