Splunk Cloud Platform

Details for Splunk application

phanikumarcs
Explorer

Hi Guys,

I need answers for the information below, which relates only to the Splunk application.

Path / Query / log file / Index
1. Authentication
    Conditional control not met
    Disabled / Locked account
    Expired token/certificate
    Failed logins
    Invalid credentials
    MFA check failed
    Successful logins
    When someone is elevating their permissions and accessing the mail of another user
2. Authorization
    Failed authorization
    Resource does not exist
    Successful authorization
    User not authorized
3. Change
    Add Integrated Application / Service Configuration
    Change to authentication scheme
    Change to IP allow list
    Change to MFA requirements
    Changes to Authentication or Authorization methods
    Remove Integrated Application / Service Configuration
4. User Management
    Add Group to Group
    Add User or Group
    Create certificate
    Create Role
    Create token
    Create User
    Delete Role
    Delete User
    Disable token
    Elevate User to privileged status
    Remove Group from Group
    Remove User from privileged status
    Remove User or Group
    Revoke certificate
    Revoke Role
    Revoke User
    Update Role
    Update User
5. Access
    User accessing a sensitive data object
    User accessing multiple sensitive data objects
    User action performed with sensitive data
6. Jobs and activity
    Activity / Performance Indicators
    Debug logs
    System Errors/Warnings
    System Power Down
    System Power Up
    System Service Start
    System Service Stop

PickleRick
SplunkTrust

You haven't written much except for copy-pasting some table. I suspect you have some internal compliance project and must do an inventory of if/how you log various events across your environment and have a standardized form for it.

Well, this is something you typically either do yourself or pay someone with sufficient knowledge to do this for you. This is a community driven forum where people voluntarily help each other, not do other people's work for free. It doesn't work that way.

If you need pointers on where to look for docs which might describe what you're looking for, we'll be happy to help if we can; just be a bit more verbose about what you're looking for. But if you got a task from your boss that you don't even know how to approach (or are simply lazy and thought someone would do it for you), then sorry, that's a consultancy job you typically pay big bucks for.

ITWhisperer
SplunkTrust

This looks like some sort of product evaluation matrix, although, to be honest, it could be almost anything!

I am not sure, and, I suspect, none of the other volunteers would know, how to fill this in without more detail on each criterion and what sort of answers you are expecting. Even if they did know, there is an awful lot of information that you appear to be requesting, and it seems a little unreasonable for you to expect volunteers to spend a lot of time providing you with answers.


inventsekar
SplunkTrust

Hi @phanikumarcs .. As said by @ITWhisperer ... this could mean many things to many people.

Please be more specific and provide more details.

1) For which Splunk app? Splunk App for Windows / Unix and Linux? DB Connect? etc.

2) Are you looking to document all these details of that Excel file for a required Splunk app?

3) May I know if you are looking to develop a new Splunk app or documenting an existing app?


phanikumarcs
Explorer

Yes, I need those details. I mean, for example, our Splunk application has Authentication (successful logins, failed logins); where is this data available in Splunk?

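For the Authentication rows (successful and failed logins) as they apply to Splunk's own login activity, here is an added example search; it is not from any of the posters. It assumes your role is allowed to search the internal `_audit` index, which Splunk writes login attempts to with the fields `action`, `info` and `user`, and it groups attempts per user and outcome so both rows of the inventory can be filled from one query.

```spl
index=_audit action="login attempt"
| eval outcome=case(info=="succeeded", "Successful login",
                    info=="failed",    "Failed login",
                    true(),            "Other: ".info)
| stats count AS attempts, min(_time) AS first_seen, max(_time) AS last_seen BY user, outcome
| convert ctime(first_seen) ctime(last_seen)
| sort - attempts
```

Narrow the time picker and add `| where outcome="Failed login" AND attempts>=5` when you only want repeated failures, for example to feed an alert.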