Splunk Enterprise Security

How to track inbound and outbound traffic from firewall logs

ashferns08
Engager

Hi helpful people,

I am trying to create a use case which will monitor source and destination traffic (like both communicating with each other).

For example, a malicious src connecting with internal IPs and internal IPs responding back to the same destination.

The idea is to monitor internal sources that are communicating outside and the outside responding back to the same source, and to record the bytes_out, bytes_out and port details.

0 Karma
1 Solution

jawaharas
Motivator

'ES Content Updates' is a great Splunk app for various security tactics, techniques, and methodologies that help with detection, investigation, and response. For your use case, the Analytic Story below might help you.

--> Prohibited Traffic Allowed or Protocol Mismatch

0 Karma

jawaharas
Motivator

@ashferns08
If my answer helped you, please accept and/or upvote it!

0 Karma

ashferns08
Engager

Hi Jawaharas, thank you for the update. However, I don't have permissions to install more apps on the Splunk we are running. Thank you though.
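
The correlation asked for in the question, keeping only internal/external IP pairs where allowed traffic was seen in both directions and recording bytes and ports per direction, as an added Python example (not posted by anyone in this thread and not Splunk or ES Content Updates code). The key=value log layout, the field names, the RFC 1918 definition of "internal" and the function names are assumptions, and the sample events are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: RFC 1918 ranges are "internal"; replace with your own address plan.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample firewall events (key=value); field names are assumptions.
SAMPLE_LOGS = """\
src=10.1.1.5 dest=203.0.113.7 dest_port=443 bytes_in=5200 bytes_out=900 action=allowed
src=203.0.113.7 dest=10.1.1.5 dest_port=51514 bytes_in=300 bytes_out=4100 action=allowed
src=10.1.1.9 dest=198.51.100.20 dest_port=53 bytes_in=120 bytes_out=80 action=allowed
src=198.51.100.99 dest=10.1.1.9 dest_port=22 bytes_in=0 bytes_out=60 action=blocked
src=10.1.1.5 dest=10.1.1.9 dest_port=445 bytes_in=700 bytes_out=650 action=allowed
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def parse_line(line):
    return dict(pair.split("=", 1) for pair in line.split())

def two_way_pairs(log_text):
    """Return {(internal_ip, external_ip): stats} for pairs seen in BOTH directions."""
    stats = defaultdict(lambda: defaultdict(int))
    ports = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("action") != "allowed":
            continue  # blocked (or unparsable) events are not a conversation
        src_int, dest_int = is_internal(ev["src"]), is_internal(ev["dest"])
        if src_int == dest_int:
            continue  # internal-to-internal or external-to-external: out of scope
        direction = "outbound" if src_int else "inbound"
        # Normalise the key so both directions land on the same pair.
        key = (ev["src"], ev["dest"]) if src_int else (ev["dest"], ev["src"])
        stats[key][direction + "_events"] += 1
        stats[key][direction + "_bytes_in"] += int(ev["bytes_in"])
        stats[key][direction + "_bytes_out"] += int(ev["bytes_out"])
        ports[key].add((direction, int(ev["dest_port"])))
    return {k: dict(v, dest_ports=sorted(ports[k])) for k, v in stats.items()
            if v["outbound_events"] and v["inbound_events"]}

if __name__ == "__main__":
    for (internal, external), rec in two_way_pairs(SAMPLE_LOGS).items():
        print(internal, "<->", external, rec)
```

Byte counters are kept separately per direction because what bytes_in and bytes_out mean relative to the session depends on the firewall that wrote the event.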
