Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Network traffic for Windows Update (Firewall logs)

a_n
Path Finder
‎06-04-2021 12:33 AM

Hello,
I am checking a firewall log (Watchguard firebox) to monitor the network traffic for a windows LAN.
I need to filter out the network load related to Windows Updates.
The watchguard fields do not have sni in all records (sometime I have sni=download.microsoft.com, but sometimes sni is empty but destination IP is always available)

Is there a list of the IPs used for windows update?
( I did not manage to find it)
Is there another way to segregate the windows update traffic from other traffics?

Appreciate if you share your ideas.

Thank you.

Tags (1)
0 Karma
Reply

a_n
Path Finder
‎07-14-2021 12:03 AM

Hello,

Anyone can advise?

Thank you.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...