All Apps and Add-ons

How to create a search that will show me any and all changes an admin made to firewalls?

theSOCguy
Engager

Hello World, 

I am attempting to create a search in Splunk that will provide me with any and all changes an admin made to our firewalls. This is part of a "governance" task and we have logs coming from the FWs. Any pointers will be appreciated. 

Best,

AD

Labels (1)
Tags (2)
0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

What do the events that you have coming in look like? For example, fields you have extracted from the events, or do you need help extracting the fields?

theSOCguy
Engager

@ITWhisperer I'm sitting down with the people that configured Splunk for this network. I cant even get basic logs to pull-up via a simple search. Might be a configuration issue. I will get back to you once I have some logs to work with. 

Tags (1)
0 Karma