Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk as a web application security tool

logjam01
Engager
‎11-01-2020 05:02 PM

I am relatively new to Splunk as it is really used.

My previous usage has all been ad hoc when it was made available to me for log analysis after an "event". That usage was mostly the equivalent of egrep + regular expressions.  Splunk and I got the job done.

I am finally in a place where all the features of Splunk are being ( or are intended to be ) used. 

I am being asked if Splunk can function as a web application security testing tool - ala BurpSuite or ZAP or Nikto or the like.

My take is no - that Splunk can perform analysis functions after the fact that can potentially reveal and alert on web application security issues - but it is not a substitute for dedicated tools of the sort previously mentioned.

Have I got this right?

Thanks!

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎11-01-2020 11:14 PM

Hi @logjam01,

Splunk isn't a scanner, Splunk is a log management and a correlation system system (in addition to an infinity of other things) so you can use it to tale the results of a scan and correlate them with its informations about different systems.

e.g.: Splunk Mission Control integrates Tenable.io to have the scan results in the same interface.

You should understand the features of Splunk to understand what to do with him and what to do integrating a different tool.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎11-01-2020 11:14 PM

Hi @logjam01,

Splunk isn't a scanner, Splunk is a log management and a correlation system system (in addition to an infinity of other things) so you can use it to tale the results of a scan and correlate them with its informations about different systems.

e.g.: Splunk Mission Control integrates Tenable.io to have the scan results in the same interface.

You should understand the features of Splunk to understand what to do with him and what to do integrating a different tool.

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...