## architecture The data is created as the well known wordpress WAF plugin 'wordfence' by Defiant Inc detects attack patterns on the website itself. It is then transferred to the splunk HTTP Event Collector (HEC). There it can be correlated with other security information relevant for your organization or its processes. The ingestion via python skript + HEC (see ) does work even for *-as-a-service offerings, where you are not allowed to work with the splunk universal forwarder. ## Use Cases The wfence App for Splunk provides dashboards to visualize attack data in Splunk, announcing critical situations such as: * missing patches * Potential administrator login takeover * Brute force attacks on the login pages * Potential integrity loss on the website * attack distribution patterns over certain users over time * distribution of attacking clients based on IP Geolocation services