Splunk Dev

How to pull Meraki Syslog into Splunk in order to monitor internal port scanning?

cbcadmin
Loves-to-Learn Lots

Hey all,

I'm trying to pull in the Syslog or our Meraki MX to our on-premise Splunk Enterprise in order to monitor internal port scanning. Right now I have the Syslogs coming in via the Data input > UDP (514). I see all the data being pulled in correctly however when I search internal traffic communication it shows everything going to the broadcast IP. I'm not sure if I should be using a different method, but I would appreciate some guidance on best practices to monitor internet traffic.

Thanks!

Screen Shot 2022-07-18 at 7.16.22 AM.png

Screen Shot 2022-07-18 at 2.31.35 PM.png

Labels (1)
Tags (3)
0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...