Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Index, gather, and graph Firewall flows

bartabass
Engager
‎01-18-2013 02:16 AM

Hi,

I'm trying tos earch a way to identify firewall flows on a whole Information System.
As I want to use Splunk Power..I'm trying to know if this scenario is possible and how (with which apps) :
Scenario:
- Deploy Splunk agents on firewall log collectors or servers, and routers (accept[andreject ?])
- Gather & Index Data with splunk
- Draw from Network IP level (logical IP view) the flaws coming from a subnet to another..

Is it possible ? Crazy ?

Thanks in advance for your suggestions.

NB: Benefit will be to index bandwdth flow and calculate throughput too.. later.. But at the moment i need to know WHAT is going though my Information System 🙂

Reply

bartabass
Engager
‎01-18-2013 03:38 AM

I'm trying to find clues to HOW to do that 🙂

I read an interesting paper on another methond with afterflow,
approache is similar but less powerfull :
http://www.giac.org/paper/gcia/1651/visualizing-firewall-log-data-detect-security/109883

I plan to watch a webcast tonight on that subject :
http://searchsecurity.techtarget.com/video/Splunk-tutorial-demonstrates-how-to-use-Splunk-for-securi...

I found several visualization solutions with a post:

tnv - The Network Visualizer or Time-based Network Visualizer
http://tnv.sourceforge.net/

INAV - Interactive Network Active-traffic Visualization
http://inav.scaparra.com/about/abstract/

Will look deeper in them.

Don't hesitate to give your answer on this resarch 🙂
My position is to :
1) Index flat files into splunk (firewall logs, routers logs..etc)
2) Then maybe integrate some other dat into splunk and visualize data FROM it.. the question is HOW.

flat files ---> splunk --> graph with what app ?
inav/

..etc

Reply
Get Updates on the Splunk Community!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...