Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Notification for Server Code Changes

brandoncmurphy
New Member
‎09-09-2019 09:26 AM

I need to create an automatic notification that triggers anytime one of our development team makes a change to the code for one of the web servers for our website. The specifics of the notification don't need to be complex.

Basically if/when Bob makes a change to the code for www. fakewebsite. com, I need to be notified because Bob has a tendancy to forget to let others know. However, I also need to know when he makes changes to ww1. fakewebsite. com. Additionally, I also want to be notified if Tom or Harry or anyone else make changes. So simply monitoring Bob's activity does not cover the need.

For security reasons, I can't provide specific server names or addresses, so please just use a stand in for any examples.

0 Karma
Reply

woodcock
Esteemed Legend
‎09-09-2019 03:36 PM

You need another tool such as TripWire or fsmon and Splunk the output from those:
https://github.com/nowsecure/fsmon

Reply

jacobpevans
Motivator
‎09-09-2019 02:39 PM

Basically if/when Bob makes a change to the code for www. fakewebsite. com

Where is the code stored? Is it compiled or raw text? Assuming you have access to C:\fakepath\coderepository\code.js (or even the compiled exe), you can use this article to help you monitor for file changes: https://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesystemchangesonWindows. If properly set up, the fields Sid and User will have the information you're requesting.

Cheers,
Jacob

If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.
0 Karma
Reply

brandoncmurphy
New Member
‎09-10-2019 11:54 AM

How can I correlate Sid values with a specific user? Additionally, I am returning millions of results when monitoring WinEventLog:Security, is there a reliable way to filter for changes to the code?

If you can't already tell, I am quite new to Splunk and IT as a whole.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...