Hi,
I want to detect web vulnerabilities, for example "XSS" or "SQLi", with Splunk. For this purpose I collect Apache logs on my Splunk server. Until now I match strings with signature-based rules to detect them, implemented with regex in the Search app of Splunk. So my question is: is there any other way to detect these vulnerabilities, without an app or with an app (e.g. Splunk Enterprise Security)?
Thanks!
Looks like you want scheduled searches - tweak as needed for your alert actions.
https://docs.splunk.com/Documentation/Splunk/latest/Search/Schedulingsearches
Thanks, but I have to write an app for detecting XSS attacks with Splunk.
Can you help with it?
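The signature-based matching over Apache access logs described in the question, shown as an added example that is not part of the original thread: it percent-decodes the request target (repeatedly, to cover double encoding) before applying the regexes, because matching the raw log line misses encoded input. The signature set, function names and sample log lines are constructed for illustration, and the code runs in plain Python outside Splunk.

```python
import re
from urllib.parse import unquote_plus

# Apache common/combined log prefix: host ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Illustrative signatures only (assumption: not a complete rule set).
SIGNATURES = {
    "xss": re.compile(r"<\s*script\b|\bon(?:error|load|click|mouseover)\s*=|javascript\s*:", re.I),
    "sqli": re.compile(r"\bunion\b.{0,40}\bselect\b|\bor\b\s+\d+\s*=\s*\d+|'\s*(?:--|#|;)", re.I),
}

def decode(target, rounds=3):
    """Undo percent-encoding repeatedly so double-encoded input is still matched."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def classify(line):
    """Return (host, sorted list of matched signature names), or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    text = decode(m.group("target"))
    hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(text))
    return m.group("host"), hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2023:13:56:09 +0000] "GET /item?id=1%27%20OR%201%3D1--%20 HTTP/1.1" 500 0',
    '203.0.113.5 - - [10/Oct/2023:13:57:40 +0000] "GET /search?q=%253Cscript%253E HTTP/1.1" 200 512',
]

def scan(lines):
    """Return (host, hits) for every parsable line with at least one match."""
    results = (classify(line) for line in lines)
    return [r for r in results if r and r[1]]

if __name__ == "__main__":
    for host, hits in scan(SAMPLE):
        print(host, hits)
```

A match here means the request looked like an attempt, not that the application is vulnerable; the response status and size are the fields to correlate next.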