Using Splunk for security-based applications

whitehatsec
Engager

I am hoping to use Splunk for security-based applications and was hoping for some suggestions as to the better ones available. I mostly want to be able to monitor what traffic goes in/out of my network and, if possible, see what files are changing or being added/deleted from key machines.


gkanapathy
Splunk Employee

To be clear, Splunk is not going to sniff your network. It does have a limited ability to monitor for some file system changes. But primarily, it is a data collection and analysis engine, which means that the actual data has to be gathered by some other program or device. For example, your router or firewall will have to log its activity and send it to Splunk, and if you choose, you can use system facilities like auditd or NTFS auditing to record file system change activity and send it to Splunk for monitoring, alerting, storage, investigation, and analysis.

So, the appropriate applications for use with Splunk are the ones that support the devices and programs that you might have on your network, e.g., if you have Palo Alto Networks firewalls, the Palo Alto Networks app would be what you'd want. On top of that, the Splunk Enterprise Security app pulls together some out-of-the-box analytics on data that you send to Splunk as well.

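As an added illustration of the auditd-to-Splunk flow the answer describes (example code, not from the thread or from Splunk): it takes the records that a watch rule such as `auditctl -w /etc -p wa -k etc_changes` would write to audit.log and correlates them by audit serial into per-file change events, the same grouping a search over the forwarded log has to do on the Splunk side. The rule key, the log excerpt and the paths are constructed for the example.

```python
import re
from collections import defaultdict
# x86_64 syscall numbers commonly produced by an auditd "-p wa" watch
SYSCALL_NAMES = {2: "open", 257: "openat", 82: "rename", 87: "unlink", 263: "unlinkat"}
# Constructed audit.log excerpt: one edit of /etc/passwd, one denied delete of
# /etc/shadow, and one read under a different rule key that must be ignored.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.123:4242): arch=c000003e syscall=257 success=yes exit=3 items=2 pid=1234 auid=1000 uid=0 euid=0 comm="vim" exe="/usr/bin/vim" key="etc_changes"
type=CWD msg=audit(1700000000.123:4242): cwd="/root"
type=PATH msg=audit(1700000000.123:4242): item=0 name="/etc/" inode=12 mode=040755 nametype=PARENT
type=PATH msg=audit(1700000000.123:4242): item=1 name="/etc/passwd" inode=34 mode=0100644 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.456:4243): arch=c000003e syscall=263 success=no exit=-13 items=2 pid=1235 auid=1000 uid=1000 euid=1000 comm="rm" exe="/usr/bin/rm" key="etc_changes"
type=PATH msg=audit(1700000000.456:4243): item=0 name="/etc/" inode=12 mode=040755 nametype=PARENT
type=PATH msg=audit(1700000000.456:4243): item=1 name="/etc/shadow" inode=35 mode=0100640 nametype=DELETE
type=SYSCALL msg=audit(1700000000.789:4244): arch=c000003e syscall=257 success=yes exit=4 items=1 pid=1236 auid=1000 uid=1000 euid=1000 comm="cat" exe="/usr/bin/cat" key="home_reads"
type=PATH msg=audit(1700000000.789:4244): item=0 name="/home/alice/notes" inode=99 mode=0100644 nametype=NORMAL
"""
RECORD_RE = re.compile(r"^type=(\w+) msg=audit\(([\d.]+):(\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # real logs may hex-encode names; not handled here

def parse_record(line):
    """Split one audit record into (type, timestamp, serial, {field: value})."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(4))}
    return m.group(1), m.group(2), m.group(3), fields

def file_change_events(lines, watch_key):
    """Correlate records sharing an audit serial; emit one event per SYSCALL tagged watch_key."""
    by_serial = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec:
            by_serial[rec[2]].append(rec)
    events = []
    for serial, recs in by_serial.items():
        sc = next((r for r in recs if r[0] == "SYSCALL"), None)
        if sc is None or sc[3].get("key") != watch_key:
            continue
        f = sc[3]
        # PARENT entries name the directory; the remaining PATH records are the touched files
        paths = [r[3]["name"] for r in recs if r[0] == "PATH" and r[3].get("nametype") != "PARENT"]
        events.append({"time": float(sc[1]), "serial": int(serial),
                       "syscall": SYSCALL_NAMES.get(int(f.get("syscall", -1)), f.get("syscall")),
                       "success": f.get("success") == "yes", "auid": int(f.get("auid", -1)),
                       "uid": int(f.get("uid", -1)), "exe": f.get("exe"), "paths": paths})
    return events
```

The `auid` field (the login user, which survives `sudo`) is what the alert should key on when an editor running as uid 0 touches a watched file.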