Splunk Enterprise Security

How to track inbound and outbound traffic from firewall logs

Engager

Hi helpful people,

I am trying to create a use case which will monitor source and destination traffic(like both communicating with each other)

For eg, malicious src connecting with internal IP's and Internal Ip's responding back to the same destination.

The idea is monitor internal sources that communicating outside and outside responding back to same source and to record the bytes_out, bytes_out and port details.

0 Karma
1 Solution

Motivator

The 'ES Content Updates' great Splunk app for various security tactics, techniques, and methodologies that help with detection, investigation, and response. For your use case, below Analytic Story might help you.

-->Prohibited Traffic Allowed or Protocol Mismatch

View solution in original post

0 Karma

Motivator

The 'ES Content Updates' great Splunk app for various security tactics, techniques, and methodologies that help with detection, investigation, and response. For your use case, below Analytic Story might help you.

-->Prohibited Traffic Allowed or Protocol Mismatch

View solution in original post

0 Karma

Motivator

@ashferns08
If my answer helped you, please accept and/or upvote it!

0 Karma

Engager

Hi Jawaharas, Thank you for the update. however i don't have permissions to install more apps on splunk we are running. Thank you though

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!