I am hoping to use Splunk for security-based applications and was hoping for some suggestions as to the better ones available. I mostly want to be able to monitor what traffic goes in/out of my network and, if possible, see what files are changing or being added/deleted from key machines.
To be clear, Splunk is not going to sniff your network. It does have a limited ability to monitor for some file system changes. But primarily, it is a data collection and analysis engine, which means that the actual data has to be gathered by some other program or device. For example, your router or firewall will have to log its activity and send it to Splunk, and if you choose, you can use system facilities like auditd or NTFS auditing to record file system change activity and send it to Splunk for monitoring, alerting, storage, investigation, and analysis.
So, the appropriate applications for use with Splunk are the ones that support the devices and programs that you might have on your network, e.g., if you have Palo Alto Networks firewalls, the Palo Alto Networks app would be what you'd want. On top of that, the Splunk Enterprise Security app pulls together some out-of-the-box analytics on data that you send to Splunk as well.
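To make the "some other program gathers the data" point concrete, here is an added example (not from the answer above, and not Splunk's own code) of the shape that file-change data takes on its way into Splunk. It parses constructed auditd records of the kind produced by a rule such as `-w /etc -p wa -k etc_changes`, correlates each SYSCALL record with its PATH records, keeps file creations and deletions, and builds the JSON body that Splunk's HTTP Event Collector expects at `/services/collector/event`. The index, sourcetype and host names are placeholders; in production the Universal Forwarder or the Linux Auditd add-on normally does this job, so the example is about understanding the data, not replacing those tools.

```python
"""Normalise auditd file-change records into Splunk HEC event payloads.

Added example, not from the original post. Assumes auditd is writing its
default key=value records and that a Splunk HTTP Event Collector (HEC)
endpoint is available; the index, sourcetype and host values used below
are placeholders. The sample log lines are constructed for this demo.
"""
import json
import re
from typing import Dict, List, Optional

# Constructed auditd records: each SYSCALL record is tagged by an audit rule
# with key "etc_changes" and followed by PATH records for the touched files.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=257 success=yes exit=3 items=2 ppid=1000 pid=2001 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="vi" exe="/usr/bin/vi" key="etc_changes"
type=PATH msg=audit(1700000000.123:456): item=0 name="/etc/sudoers.d/" inode=2 dev=fd:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1700000000.123:456): item=1 name="/etc/sudoers.d/ops" inode=9821 dev=fd:01 mode=0100440 ouid=0 ogid=0 rdev=00:00 nametype=CREATE
type=SYSCALL msg=audit(1700000000.789:457): arch=c000003e syscall=87 success=yes exit=0 items=2 ppid=1000 pid=2002 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=3 comm="rm" exe="/usr/bin/rm" key="etc_changes"
type=PATH msg=audit(1700000000.789:457): item=0 name="/etc/cron.d/" inode=3 dev=fd:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1700000000.789:457): item=1 name="/etc/cron.d/backup" inode=77 dev=fd:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=DELETE
type=PATH msg=audit(1700000000.900:458): item=0 name="/tmp/scratch" inode=5 dev=fd:01 mode=0100644 ouid=1000 ogid=1000 rdev=00:00 nametype=NORMAL
"""

# key=value or key="quoted value" pairs, and the msg=audit(time:serial) stamp.
_KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
_MSG_RE = re.compile(r"msg=audit\((\d+)\.(\d+):(\d+)\)")

# In-place modifications show up as nametype=NORMAL plus a write-capable
# syscall; this example tracks only creations and deletions.
CHANGE_TYPES = {"CREATE", "DELETE"}


def parse_audit_line(line: str) -> Optional[Dict[str, str]]:
    """Split one auditd record into a dict; returns None for non-audit lines."""
    m = _MSG_RE.search(line)
    if not m:
        return None
    fields: Dict[str, str] = {}
    for key, raw, quoted in _KV_RE.findall(line):
        if key == "msg":
            continue  # timestamp and serial are extracted separately below
        fields[key] = quoted if raw.startswith('"') else raw
    fields["_time"] = f"{m.group(1)}.{m.group(2)}"  # epoch seconds
    fields["serial"] = m.group(3)  # joins SYSCALL and PATH records
    return fields


def file_change_events(audit_log: str) -> List[Dict[str, str]]:
    """Correlate SYSCALL and PATH records by serial; keep creates/deletes."""
    syscalls: Dict[str, Dict[str, str]] = {}
    paths: List[Dict[str, str]] = []
    for line in audit_log.splitlines():
        rec = parse_audit_line(line)
        if not rec:
            continue
        if rec.get("type") == "SYSCALL":
            syscalls[rec["serial"]] = rec
        elif rec.get("type") == "PATH" and rec.get("nametype") in CHANGE_TYPES:
            paths.append(rec)
    events = []
    for p in paths:
        sc = syscalls.get(p["serial"], {})  # actor details live on SYSCALL
        events.append({
            "time": p["_time"],
            "action": p["nametype"].lower(),
            "path": p["name"],
            "uid": sc.get("uid", "unknown"),
            "login_uid": sc.get("auid", "unknown"),
            "process": sc.get("exe", "unknown"),
            "audit_key": sc.get("key", ""),
        })
    return events


def hec_payload(event: Dict[str, str], index: str, sourcetype: str, host: str) -> dict:
    """Build the object HEC expects at /services/collector/event."""
    return {
        "time": float(event["time"]),
        "host": host,
        "index": index,
        "sourcetype": sourcetype,
        "event": {k: v for k, v in event.items() if k != "time"},
    }


def to_hec_json(event: Dict[str, str], index: str, sourcetype: str, host: str) -> str:
    """Serialised form of hec_payload, ready to POST with the HEC token header."""
    return json.dumps(hec_payload(event, index, sourcetype, host))


if __name__ == "__main__":
    for ev in file_change_events(SAMPLE_AUDIT_LOG):
        print(to_hec_json(ev, "os_audit", "linux:audit", "web01"))
```

Once events in this shape are indexed, the monitoring the question asks about becomes a search over them (for example, any `action=create` under `/etc/sudoers.d/` by a `login_uid` that is not the expected administrator), which is exactly the division of labour the answer describes: auditd observes, something ships the records, and Splunk searches and alerts.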