Security

detect web application vulnerabilities

szone
Engager

hi

I want to detect web vulnerabilities for example "XSS" or " SQLI" with splunk. for this target i collect apache log into my splunk server. and till now I find match string with signature based rule for detect them and its implement with Regex in search app of splunk. so my question is there any other way to detect this vulnerabilities without app or with app (ex :Splunk Enterprise Security)?

thanks!

Labels (1)
0 Karma

m_pham
Splunk Employee
Splunk Employee

Looks like you want scheduled searches - tweak as needed for your alert actions.

https://docs.splunk.com/Documentation/Splunk/latest/Search/Schedulingsearches

------
Certified Splunk Whisperer
0 Karma

szone
Engager

thanks, but i have to write a app for detecting XSS attack with splunk.
can you help for it?

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!