Splunk Search

Is it possible to know the amount of data passing through an ASA firewall

fdarrigo
Path Finder

I would like to identify data ex filtration through my Cisco ASA firewalls. Is this possible? Can you provide a sample query?

0 Karma

nkwong_splunk
Splunk Employee
Splunk Employee

I'd try experimenting with the Splunk Add-on for Cisco ASA (https://splunkbase.splunk.com/app/1620/) since it appears that one of the metrics that maps to the Common Information Model (CIM) is 'Network Traffic'.
http://docs.splunk.com/Documentation/AddOns/latest/CiscoASA/DataTypes

I don't currently have a Cisco ASA to test with, but this add-on may help to provide enough information to run a search against the network traffic fields such as 'bytes', 'bytes_in', or 'bytes_out'. Here is more information on the 'Network Traffic' data model for the Common Information Model.
http://docs.splunk.com/Documentation/CIM/4.3.1/User/NetworkTraffic

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...