Getting Data In

What system logs are needed to deploy Splunk effectively and cover the SANS top 20? Need to determine where to deploy forwarders

jardakanian
New Member

Hi

I am deploying Splunk in an environment and would like to capture as many security aspects from the SANS top 20 as possible. I am not too technical, so I am hoping someone will be able to help me determine what type of logs I will actually need access to so I know where to deploy my forwarders.

0 Karma

Richfez
SplunkTrust

This is a big topic.

Luckily for you, Splunk has at least made an attempt at compiling some of this information for you in their "Splunk and the SANS stuff" document. That's not its real name, by the way. The document explains the SANS CSC, what they are and how Splunk can help. It also lists the Apps that Splunk has available to read the data out of the various other pieces of software, too.

You can find that document at their shortcut to SANS link which requires a free registration. You could also find that same PDF if you search using one of the better search engines for "Splunk SANS". I'm just sayin'.

I also think actual application and notes about the various CSCs would be well placed in the Splunk Wiki, because I'll bet there are a lot of people who could use the details of how to actually do this. But really, the usual difficulty is one of figuring out what needs to be done; once you've defined your needs fairly well the rest just becomes a simple technical detail.

Happy SANS hunting!

0 Karma