×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
praveentandra
New Member
Member since: ‎05-09-2016
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-09-2016
Activity Feed
View All

Re: Database Intrusion Detection

by in All Apps and Add-ons
‎05-04-2017 05:31 PM
‎05-04-2017 05:31 PM
The underlying issue with the question is that anomalies are relative to something... your particular users, your particular data, your particular applications, your particular seasonality, and so on. In some companies, accessing a production database on a night or a weekend would be an anomaly. Others, FAILURE to access the database would be an anomaly. Splunk has lots of features for detecting and analyzing unusual or interesting events. The first step is to get the logs into splunk. Then, ask a question about access patterns, pull the relevant data, and get yourself a simple answer. Repeat, repeat, repeat. Whenever you find the answer is not simple, or the data is not understandable, then post some non-confidential details about the issue in a new question and we will help you figure out how to think about the data you have, or how to reorganize it to make sense. But the first step is acquiring a feed from the audit logs themselves, and getting them into splunk (or any other awesome tool) so that they can be examined. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM