Hi helpful people,
I am trying to create a use case which will monitor source and destination traffic (like both communicating with each other).
For e.g., a malicious src connecting with internal IPs and internal IPs responding back to the same destination.
The idea is to monitor internal sources that are communicating outside, and outside responding back to the same source, and to record the bytes_out, bytes_out and port details.
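One way to express the two-way correlation the question asks for, as an added example that is not part of the original thread. It assumes firewall or flow logs in an index named `firewall` that are CIM-normalised (`src`, `dest`, `src_port`, `dest_port`, `bytes_in`, `bytes_out`), treats the RFC 1918 ranges as internal, and keeps only internal/external pairs seen in both directions on the same external-side port; the byte counters are re-oriented so they always read from the internal host's point of view, whichever side initiated the record.

```spl
index=firewall earliest=-24h
| eval src_internal=if(cidrmatch("10.0.0.0/8",src) OR cidrmatch("172.16.0.0/12",src) OR cidrmatch("192.168.0.0/16",src),1,0)
| eval dest_internal=if(cidrmatch("10.0.0.0/8",dest) OR cidrmatch("172.16.0.0/12",dest) OR cidrmatch("192.168.0.0/16",dest),1,0)
| where src_internal!=dest_internal
| eval internal_host=if(src_internal=1,src,dest)
| eval external_host=if(src_internal=1,dest,src)
| eval external_port=if(src_internal=1,dest_port,src_port)
| eval direction=if(src_internal=1,"outbound","inbound")
| eval bytes_from_internal=if(src_internal=1,bytes_out,bytes_in)
| eval bytes_to_internal=if(src_internal=1,bytes_in,bytes_out)
| stats sum(bytes_from_internal) as bytes_from_internal
        sum(bytes_to_internal) as bytes_to_internal
        count as flows
        dc(direction) as directions_seen
        min(_time) as first_seen
        max(_time) as last_seen
        by internal_host external_host external_port
| where directions_seen=2
| convert ctime(first_seen) ctime(last_seen)
| sort - bytes_from_internal
```

If the logging device emits one record per session with both `bytes_in` and `bytes_out` already filled, the reply is already captured in `bytes_to_internal` and the `directions_seen=2` filter can be dropped; the search can then be saved as a correlation search with a threshold on `bytes_from_internal` or on an allow-list of `external_port` values.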
The 'ES Content Updates' is a great Splunk app for various security tactics, techniques, and methodologies that help with detection, investigation, and response. For your use case, the Analytic Story below might help you.
@ashferns08
If my answer helped you, please accept and/or upvote it!
Hi Jawaharas, thank you for the update. However, I don't have permissions to install more apps on the Splunk we are running. Thank you though.