Splunk Enterprise Security

Anyone using F5 GTMs and using the logs for anything?

cmeisch
Explorer

We have an idea to use the logs from these systems for DDoS detections. Was wondering if anyone has props\transfers that will parse\normalize\model them?

0 Karma

DalJeanis
SplunkTrust

There is an F5 app in Splunkbase that we've used before at several clients, iirc.

0 Karma

cmeisch
Explorer

I didn't see anything that addressed the GTM though. Did I miss it?

0 Karma

cmeisch
Explorer

Well, I missed this: https://splunkbase.splunk.com/app/2680/

Will check this out.

0 Karma