Security

overall security dashboard

emada
New Member

trying to make a dashboard for overall security in splunk.
here is a few of the searches i have:
Webattacks - index=main "../etc/passwd" OR "union select" OR "javascript:" OR "

Tags (1)
0 Karma

mdessus_splunk
Splunk Employee
Splunk Employee

First, you should use eventtypes for failed login (windows and Unix apps should do that for your) and try to normalize your data (see the CIM standard). This will help you to simplify your queries, make them faster using the datamodel, and when you need a more advanced security solution, will simplify your migration to Enterprise Security.

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

They're stored within the app configuration, just like with any other app.

0 Karma

emada
New Member

do you happen to know where to find the queries its using?

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

You should take a look at the Enterprise Security app: http://apps.splunk.com/app/263/

0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...