Security

using splunk for security-based applications

whitehatsec
Engager

I am hoping to use Splunk for security-based applications and was hoping for some suggestions as to the better ones available. I mostly want to be able to monitor what traffic goes in/out of my network and, if possible, see what files are changing or being added/deleted from key machines.

0 Karma

gkanapathy
Splunk Employee

To be clear, Splunk is not going to sniff your network. It does have a limited ability to monitor for some file system changes. But primarily, it is a data collection and analysis engine, which means that the actual data has to be gathered by some other program or device. For example, your router or firewall will have to log its activity and send it to Splunk, and if you choose, you can use system facilities like auditd or NTFS auditing to record file system change activity and send it to Splunk for monitoring, alerting, storage, investigation, and analysis.

So, the appropriate applications for use with Splunk are the ones that support the devices and programs that you might have on your network, e.g., if you have Palo Alto Networks firewalls, the Palo Alto Networks app would be what you'd want. On top of that, the Splunk Enterprise Security app pulls together some out-of-the-box analytics on data that you send to Splunk as well.

0 Karma
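The auditd-to-Splunk pipeline described in the answer above, as an added example that is not from this thread: auditd writes one SYSCALL record plus several PATH records per event, and the file-change alert has to join them on the event serial. The Python below does that join over constructed audit records (the rule key `etc_changes`, paths and syscall numbers are assumed) and reports successful creations and deletions, which is what an SPL `stats ... by serial` search would compute on the forwarded log.

```python
import re
from collections import defaultdict

# Constructed sample of auditd records, in the form the Linux audit daemon
# writes to /var/log/audit/audit.log for a watch rule such as
#   -w /etc -p wa -k etc_changes      (assumed rule; key shows as key="etc_changes")
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 uid=1000 auid=1000 exe="/usr/bin/vim" key="etc_changes"
type=PATH msg=audit(1700000000.101:501): item=0 name="/etc/" nametype=PARENT
type=PATH msg=audit(1700000000.101:501): item=1 name="/etc/sudoers.d/ops" nametype=CREATE
type=SYSCALL msg=audit(1700000000.205:502): arch=c000003e syscall=87 success=yes exit=0 uid=0 auid=1000 exe="/usr/bin/rm" key="etc_changes"
type=PATH msg=audit(1700000000.205:502): item=0 name="/etc/" nametype=PARENT
type=PATH msg=audit(1700000000.205:502): item=1 name="/etc/cron.d/backup" nametype=DELETE
type=SYSCALL msg=audit(1700000000.300:503): arch=c000003e syscall=257 success=yes exit=4 uid=1000 auid=1000 exe="/usr/bin/cat" key="etc_changes"
type=PATH msg=audit(1700000000.300:503): item=0 name="/etc/hostname" nametype=NORMAL
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="quoted value"
EVENT_ID_RE = re.compile(r'msg=audit\(([\d.]+):(\d+)\)')  # timestamp:serial of the event
CHANGE_TYPES = {"CREATE", "DELETE"}                  # PATH nametypes that alter the tree

def parse_record(line):
    """Split one auditd record into a dict of fields, with quotes stripped."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    ts, serial = EVENT_ID_RE.search(line).groups()
    fields["_time"], fields["_serial"] = float(ts), serial
    return fields

def file_change_events(log_text):
    """Group records by event serial, keep only successful syscalls, and return
    one dict per file created or deleted (PATH nametype CREATE/DELETE)."""
    by_serial = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_record(line)
            by_serial[rec["_serial"]].append(rec)
    changes = []
    for serial, recs in sorted(by_serial.items()):
        syscall = next((r for r in recs if r["type"] == "SYSCALL"), None)
        if syscall is None or syscall.get("success") != "yes":
            continue  # a failed or unmatched syscall changed nothing
        for r in recs:
            if r["type"] == "PATH" and r.get("nametype") in CHANGE_TYPES:
                changes.append({"serial": serial, "time": syscall["_time"],
                                "action": r["nametype"], "path": r["name"],
                                "auid": syscall.get("auid"), "exe": syscall.get("exe"),
                                "key": syscall.get("key")})
    return changes
```

Reading `/etc/hostname` (event 503) produces only a NORMAL path record and is correctly ignored, while the sudoers drop-in creation and cron job deletion surface with the login uid and executable responsible.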