Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk & Security with Oracle, SQL, Teradata WITHOUT using Enterprise Security

mmensch
Path Finder
‎01-07-2016 07:57 AM

Good morning,

I am currently conducting research on using Splunk to monitor 3 types of databases in terms of security events. As the title states, the databases are Oracle, SQL, and Teradata.

The end goal is to write rules using Splunk's SPL to catch and/or prevent fraud, breaches, or anything else in terms of security. Due to the cost of Enterprise Security, I am not considering this at this point in time.

I was wondering if there are any native apps that contain pre-built searches, functions, inputs relating to security? If not, I was wondering what the next best practice would be, such as enabling auditing and sending the audit logs to Splunk, etc... If this is the case, what specific files and/or tables would be useful?

Thanks,
Matt

0 Karma
Reply

altink
Contributor
‎06-12-2019 05:54 AM

Hi @mmensch

If you would accept a partial solution - Oracle only - you can watch for:

Omega Core Audit App for Splunk (at Splunkbase)

Which requires:

Omega Core Audit (at DATAPLUS)

best regards,
Altin Karaulli
DATAPLUS

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-07-2016 08:32 AM

There is the Splunk Add-on for Oracle (https://splunkbase.splunk.com/app/1910) that may help. There's also an app for Teradata. You don't say what kind of SQL database you have, but there's probably an app for that, too. Check splunkbase.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Reply
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Get Updates on the Splunk Community!