I am trying to leverage Splunk for NERC compliance, but for more than just logging. I want to get a baseline configuration which captures OS, patches, software, and ports and services.
My idea was to have the system generate the information and write it to a file, and have the Splunk universal forwarder monitor the file daily.
There would be a cron job that would run daily to execute commands like:
1) netstat -ano
2) uname -r
3) rpm -qa
This would then get ingested into Splunk. How has the community been using Splunk for NERC baseline compliance? Are there any add-ons that could help?
It would need to be able to track changes to the baseline of allowable ports and services, keep change records of each change, and run reports on a baseline for a particular day. For this last part I was thinking of using a dashboard or creating a table.
Thoughts or suggestions?
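One way to build the cron-driven collector described in the post, as an added example that is not code from the original post or from Splunk: each fact is written as one key=value line so the forwarder can index it, and a diff function turns two days' snapshots into change records. The BASELINE_DIR path, the category names and the script path in the cron comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): daily baseline collector whose
# output the Universal Forwarder monitors. BASELINE_DIR and category names are
# assumptions; adjust to your environment.
BASELINE_DIR="${BASELINE_DIR:-/var/log/nerc-baseline}"

# Format one event line. Args: timestamp host category value
format_event() {
    printf '%s host=%s category=%s value="%s"\n' "$1" "$2" "$3" "$4"
}

# Reduce netstat -tuln output (stdin) to listening sockets only, one
# "proto:addr:port" per line, sorted so snapshots are comparable day to day.
parse_listeners() {
    awk '($1 ~ /^tcp/ && $6 == "LISTEN") || $1 ~ /^udp/ { print $1 ":" $4 }' | sort -u
}

# Write today's snapshot: kernel release, installed RPMs, listening sockets.
collect_baseline() {
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    host=$(hostname)
    out="$BASELINE_DIR/baseline-$(date -u +%F).log"
    mkdir -p "$BASELINE_DIR"
    {
        format_event "$ts" "$host" os "$(uname -r)"
        rpm -qa 2>/dev/null | sort | while read -r pkg; do
            format_event "$ts" "$host" package "$pkg"
        done
        netstat -tuln 2>/dev/null | parse_listeners | while read -r sock; do
            format_event "$ts" "$host" listener "$sock"
        done
    } > "$out"
    echo "$out"
}

# Compare two snapshot files, ignoring the timestamp column, and print one
# change record per added or removed fact (suitable for a change-tracking index).
baseline_diff() {
    a=$(mktemp); b=$(mktemp)
    cut -d' ' -f2- "$1" | sort -u > "$a"
    cut -d' ' -f2- "$2" | sort -u > "$b"
    comm -13 "$a" "$b" | sed 's/^/change=added /'
    comm -23 "$a" "$b" | sed 's/^/change=removed /'
    rm -f "$a" "$b"
}

# Run daily from cron, e.g. (assumed path): 0 1 * * * /usr/local/bin/nerc-baseline.sh collect
if [ "${1:-}" = "collect" ]; then collect_baseline; fi
```

Point the forwarder at BASELINE_DIR with a dedicated sourcetype; the `category`/`value` pairs then extract as fields, and `baseline_diff yesterday.log today.log` gives the change records the post asks for.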