Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

using splunk for security-based applications

whitehatsec
Engager
‎07-26-2013 07:16 PM

I am hoping to use splunk for security based applications and was hoping for some suggestions as to the better ones available. I mostly want to be able to monitor what traffic goes in/out of my network and, if possible, see what files are changing or being added/deleted from key machines.

Tags (1)
0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎07-28-2013 09:40 PM

To be clear, Splunk is not going to sniff your network. It does have a limited ability to monitor for some file system changes. But primarily, it is a data collection and analysis engine, which means that the actual data has to be gathered by some other program or device. For example, your router or firewall will have to log its activity and send it to Splunk, and if you choose, you can use system facilities like auditd or NTFS auditing to record file system change activity and send it to Splunk for monitoring, alerting, storage, investigation, and analysis.

So, the appropriate applications for use with Splunk are the ones that support the devices and programs that you might have on your network, e.g., if you have Palo Alto Networks firewalls, the Palo Alto Networks app would be what you'd want. On top of that, the Splunk Enterprise Security app pulls together some out-of-the-box analytics on data that you send to Splunk as well.

0 Karma
Reply
Get Updates on the Splunk Community!

See Splunk Platform & Observability Innovations at Cisco Live EMEA

Hi Splunkers, Learn about what’s next for Splunk Platform at Cisco Live EMEA.  Data silos are a big challenge ...

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...