Connection between traffic in firewall logs

Splunk Enterprise

Hi, guys,I need your swarm intelligence.
I'm supposed to write a use case that detects a very specific traffic pattern.
Specifically, this is about an SRC system sending a packet to a destination system on destination port 161 and within 10 minutes this destination system sends a "response" "connection" to another system on destination port 69. Here the 2nd destination system can be the 1st SRC system or another.

I can't get a real transaction here because there is no identifier except that the 1st destination system becomes the SRC system.

I thank you for your time and effort!

Get Updates on the Splunk Community!

Connection between traffic in firewall logs

configuration

development

using Splunk Enterprise

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation

Connection between traffic in firewall logs

configuration

development

using Splunk Enterprise

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...