Security

overall security dashboard

emada
New Member

trying to make a dashboard for overall security in splunk.
here is a few of the searches i have:
Webattacks - index=main "../etc/passwd" OR "union select" OR "javascript:" OR "

Tags (1)
0 Karma

mdessus_splunk
Splunk Employee
Splunk Employee

First, you should use eventtypes for failed login (windows and Unix apps should do that for your) and try to normalize your data (see the CIM standard). This will help you to simplify your queries, make them faster using the datamodel, and when you need a more advanced security solution, will simplify your migration to Enterprise Security.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

They're stored within the app configuration, just like with any other app.

0 Karma

emada
New Member

do you happen to know where to find the queries its using?

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

You should take a look at the Enterprise Security app: http://apps.splunk.com/app/263/

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...