Hi Guys,
I need answers for the information below, relating only to the Splunk application.
Path / Query / log file / Index (to be filled in for each event below)
1. Authentication
   Conditional control not met
   Disabled / Locked account
   Expired token/certificate
   Failed logins
   Invalid Credentials
   MFA check failed
   Successful logins
   Someone elevating their permissions and accessing another user's mail
2. Authorization
   Failed authorization
   Resource does not exist
   Successful authorization
   User not authorized
3. Change
   Add Integrated Application / Service Configuration
   Change to authentication scheme
   Change to IP allow list
   Change to MFA requirements
   Changes to Authentication or Authorization methods
   Remove Integrated Application / Service Configuration
4. User Management
   Add Group to Group
   Add User or Group
   Create certificate
   Create Role
   Create token
   Create User
   Delete Role
   Delete User
   Disable token
   Elevate User to privileged status
   Remove Group from Group
   Remove User from privileged status
   Remove User or Group
   Revoke certificate
   Revoke Role
   Revoke User
   Update Role
   Update User
5. Access
   User accessing a sensitive data object
   User accessing multiple sensitive data objects
   User action performed with sensitive data
6. Jobs and Activity
   Activity / Performance Indicators
   Debug logs
   System Errors/Warnings
   System Power Down
   System Power Up
   System Service Start
   System Service Stop
You haven't written much except for copy-pasting some table. I suspect you have some internal compliance project and must do an inventory of if/how you log various events across your environment and have a standardized form for it.
Well, this is something you typically either do yourself or pay someone with sufficient knowledge to do this for you. This is a community driven forum where people voluntarily help each other, not do other people's work for free. It doesn't work that way.
If you need pointers where to look for docs which might describe what you're looking for, we'll be happy to help if we can, just be a bit more verbose about what you're looking for. But if you got a task from your boss that you don't know even how to approach (or simply are lazy and thought someone would do it for you) then sorry, that's a consultancy job you typically pay big bucks for.
This looks like some sort of product evaluation matrix, although, to be honest, it could be almost anything!
I am not sure, and, I suspect, none of the other volunteers would know, how to fill this in without more detail on each criterion and what sort of answers you are expecting. Even if they did know, there is an awful lot of information that you appear to be requesting, and it seems a little unreasonable for you to expect volunteers to spend a lot of time providing you with answers.
Hi @phanikumarcs. As said by @ITWhisperer, this could mean many things to many people.
Please be more specific and provide more details.
1) For which Splunk app? Splunk App for Windows / Unix and Linux? DB Connect? etc.
2) Are you looking to document all these details from that Excel file for a particular Splunk app?
3) May I know whether you are looking to develop a new Splunk app or to document an existing app?
Yes, I need those details. I mean, for example, for Authentication (successful logins, failed logins) in our Splunk application: where is that data available in Splunk?