Security

using splunk for security-based applications

whitehatsec
Engager

I am hoping to use splunk for security-based applications and was hoping for some suggestions as to the better ones available. I mostly want to be able to monitor what traffic goes in/out of my network and, if possible, see what files are changing or being added/deleted from key machines.


gkanapathy
Splunk Employee

To be clear, Splunk is not going to sniff your network. It does have a limited ability to monitor for some file system changes. But primarily, it is a data collection and analysis engine, which means that the actual data has to be gathered by some other program or device. For example, your router or firewall will have to log its activity and send it to Splunk, and if you choose, you can use system facilities like auditd or NTFS auditing to record file system change activity and send it to Splunk for monitoring, alerting, storage, investigation, and analysis.

So, the appropriate applications for use with Splunk are the ones that support the devices and programs that you might have on your network, e.g., if you have Palo Alto Networks firewalls, the Palo Alto Networks app would be what you'd want. On top of that, the Splunk Enterprise Security app pulls together some out-of-the-box analytics on data that you send to Splunk as well.

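A worked example added here (not code from the thread or from Splunk): a small Python parser that joins the SYSCALL and PATH records auditd writes for a file watch rule and turns them into the per-file change rows you would want to forward to Splunk for alerting. The sample log lines and the rule `auditctl -w /etc/ -p wa -k etc_changes` they assume are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the thread), in the format auditd writes
# for a watch rule such as `auditctl -w /etc/ -p wa -k etc_changes`.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1711000000.101:501): arch=c000003e syscall=257 success=yes exit=3 items=2 pid=2233 auid=1000 uid=0 comm="vim" exe="/usr/bin/vim" key="etc_changes"
type=PATH msg=audit(1711000000.101:501): item=0 name="/etc/sudoers.d/" inode=1 dev=fd:00 mode=040755 ouid=0 ogid=0 nametype=PARENT
type=PATH msg=audit(1711000000.101:501): item=1 name="/etc/sudoers.d/ops" inode=77 dev=fd:00 mode=0100440 ouid=0 ogid=0 nametype=CREATE
type=SYSCALL msg=audit(1711000000.250:502): arch=c000003e syscall=263 success=yes exit=0 items=2 pid=2240 auid=1000 uid=0 comm="rm" exe="/usr/bin/rm" key="etc_changes"
type=PATH msg=audit(1711000000.250:502): item=1 name="/etc/cron.d/backup" inode=91 dev=fd:00 mode=0100644 ouid=0 ogid=0 nametype=DELETE
type=SYSCALL msg=audit(1711000000.300:503): arch=c000003e syscall=257 success=no exit=-13 items=1 pid=3001 auid=1001 uid=1001 comm="tee" exe="/usr/bin/tee" key="etc_changes"
type=PATH msg=audit(1711000000.300:503): item=0 name="/etc/shadow" inode=12 dev=fd:00 mode=0100640 ouid=0 ogid=42 nametype=NORMAL
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SERIAL_RE = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')


def parse_record(line):
    """Turn one audit record into a dict of its key=value fields plus timestamp and serial."""
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    ts, serial = SERIAL_RE.search(line).groups()
    rec["_ts"], rec["_serial"] = float(ts), int(serial)
    return rec


def summarize_file_changes(log_text):
    """Join SYSCALL and PATH records sharing a serial; return one row per touched file.
    PARENT entries (the containing directory) are skipped; failed attempts are kept
    with success=False, since a denied write to a key file is itself worth an alert."""
    events = defaultdict(lambda: {"syscall": None, "paths": []})
    for line in filter(None, log_text.splitlines()):
        rec = parse_record(line)
        ev = events[rec["_serial"]]
        if rec["type"] == "SYSCALL":
            ev["syscall"] = rec
        elif rec["type"] == "PATH" and rec.get("nametype") != "PARENT":
            ev["paths"].append(rec)
    rows = []
    for serial in sorted(events):
        sc, paths = events[serial]["syscall"], events[serial]["paths"]
        if sc is None:  # PATH records without a SYSCALL record: nothing to attribute
            continue
        for p in paths:
            rows.append({"time": sc["_ts"], "file": p["name"], "action": p.get("nametype", "NORMAL"),
                         "success": sc["success"] == "yes", "auid": int(sc["auid"]),
                         "comm": sc["comm"], "key": sc.get("key")})
    return rows
```

Each returned row (who, which file, create/delete/modify, whether it succeeded, and the rule key) is the shape of event that is easy to search and alert on once it is indexed.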