Alerting

Any common useful alerts for an environment with Windows and Redhat?

carefulrelish
New Member

Hi community,

I was wondering if there was a collection of useful alerts for an environment that has both Windows and Red Hat boxes such as errors and suspicious behavior. My team is looking at getting Splunk Enterprise Security in the future, but anything useful now for less advantage Splunk people would be great!

Thanks in advance!

0 Karma

muebel
SplunkTrust
SplunkTrust

Hi carefulrelish, check out the Common Information Model app (CIM) It makes use of data models to allow for a single searchable interface. This is part of the way that ES can use single correlation searches that search over disparate data sources. (windows and nix authentication events for instance)

Please let me know if this answers your question!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...