Bluecoat app search ideas?

eblackburn · ‎08-15-2019

Hello,

I'm relatively new to Splunk and have been looking for ideas on searches I could use in our environment with regards to the Bluecoat add-on.

One scenario I'd be especially interested in is utilizing the transaction command, based on referring URLs, to potentially pinpoint what's causing a certain website not to load properly in a transparent proxy deployment. Does anyone run into this problem and use Splunk to troubleshoot it? I've been doing this so far without using transaction, but know there's a lot of potential there.

Any ideas on this or other scenarios would be appreciated. I'm just wondering how others are using the add-on for troubleshooting or threat hunting, etc. What are some of the use cases you've explored and searches you run frequently?

Thank you!

Sukisen1981 · ‎08-15-2019

had a look at this? - https://splunkbase.splunk.com/app/2758/#/overview

eblackburn · ‎08-15-2019

Yep, thank you for the link. We are already installed and configured. I'm just looking for ways others are using it from a searching and reporting standpoint, especially around website troubleshooting. (i.e. this website won't load for a user, so let's apply a particular search to the scenario, similar to how you might use output from Chrome Developer Tools or getting a .har file). I'm already doing that now, but know that there's probably a lot to be gained by using transactions.

Bluecoat app search ideas?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases