Security

detect web application vulnerabilities

szone
Engager

hi

I want to detect web vulnerabilities for example "XSS" or " SQLI" with splunk. for this target i collect apache log into my splunk server. and till now I find match string with signature based rule for detect them and its implement with Regex in search app of splunk. so my question is there any other way to detect this vulnerabilities without app or with app (ex :Splunk Enterprise Security)?

thanks!

0 Karma

m_pham
Splunk Employee
Splunk Employee

Looks like you want scheduled searches - tweak as needed for your alert actions.

https://docs.splunk.com/Documentation/Splunk/latest/Search/Schedulingsearches

0 Karma

szone
Engager

thanks, but i have to write a app for detecting XSS attack with splunk.
can you help for it?

0 Karma
Get Updates on the Splunk Community!

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

  Now On Demand  Stay ahead of today’s evolving threats with the combined power of the Splunk Threat Research ...

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Automated Archival is a new capability within Metrics Management; which is a robust usage & cost optimization ...

Calling All Security Pros: Ready to Race Through Boston?

Hey Splunkers, .conf25 is heading to Boston and we’re kicking things off with something bold, competitive, and ...