Splunk Search

Can splunk identify bank details being changed on a legacy trading system?

MarcusWale123
New Member

Can Splunk identify a pattern in which fraud is occurring, for example, emails asking to change bank accounts, emails from spoofed execs’ accounts, bank details being changed on a system, large payments being made by people who have high risk markers and then can Splunk put in policies to stop a payment in real time, rather than rely on someone retrospectively reviewing a report?

1 Solution

DalJeanis
Legend

Splunk can do pretty much anything, if the data is there.

Emails asking to change a bank account... By itself, that is not fraud. It would have to be correlated with some other event. What event? Splunk would have to contain an event that records the email, and an event that records some other thing. For instance, changing addresses and then ordering a new card within a short time is often used as a trigger for review. So, if the record of the address change and the record of the card request are in Splunk, then Splunk can alert on it.

Emails from spoofed exec account... if the emails are in the Splunk system, and if the exec is used as the from, but the email address is not the exec's, that certainly could be alerted off of Splunk.

Splunk can execute code of various kinds as part of its alerting system, but the policy of when it should do what, and the correlation of what events to use as the basis for making those decisions, needs to be made by the business.

I am not saying that Splunk SHOULD be used for the function... that's an architectural decision with lots of variables. I'm saying that it CAN be used for the function.
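The two correlations the answer describes (an address change followed shortly by a new-card request, and an inbound email whose display name is an executive's but whose sender address is not) could be written as scheduled alerts. The following `savedsearches.conf` fragment is an added example and is not from the original thread or from Splunk's own documentation; the index names, sourcetypes, field names (`customer_id`, `from`, `user`, `recipient`), the `executives.csv` lookup and the webhook URL are all assumptions that would need to match the data actually onboarded.

```conf
# Added example: two correlation alerts for the patterns discussed in this thread.
# Everything below (index names, sourcetypes, field names, lookup file, URL) is assumed.

[fraud_address_change_then_card_request]
# Alert when a new-card request follows an address change on the same customer
# within 24 hours. Both record types must already be indexed for this to work.
search = index=core_banking (sourcetype="crm:address_change" OR sourcetype="cards:new_card_request") \
| eval step=if(sourcetype="crm:address_change","address_change","card_request") \
| sort 0 customer_id _time \
| streamstats current=f window=1 last(_time) AS prev_time last(step) AS prev_step by customer_id \
| where step="card_request" AND prev_step="address_change" AND (_time - prev_time) <= 86400 \
| eval minutes_between=round((_time - prev_time)/60) \
| table _time customer_id user prev_time minutes_between
# Run every five minutes over a window slightly wider than the schedule so nothing is missed.
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -10m
dispatch.latest_time = now
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.track = 1
alert.severity = 4
# The alert action is where Splunk hands off to the business's own control,
# e.g. a payments-hold service. Placeholder URL; the receiving system decides what to do.
action.webhook = 1
action.webhook.param.url = https://payments-hold.example.internal/hook

[fraud_exec_display_name_mismatch]
# Alert when the From display name matches an executive in executives.csv
# (columns: display_name,email) but the actual sender address differs.
search = index=email sourcetype="mail:inbound" \
| rex field=from "^(?<from_name>[^<]*?)\s*<(?<from_addr>[^>]+)>" \
| lookup executives.csv display_name AS from_name OUTPUT email AS exec_email \
| where isnotnull(exec_email) AND lower(from_addr)!=lower(exec_email) \
| table _time from_name from_addr exec_email recipient subject
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -10m
dispatch.latest_time = now
alert_type = number of events
alert_comparator = greater than
alert_threshold = 0
alert.track = 1
alert.severity = 4
action.email = 1
action.email.to = fraud-ops@example.internal
```

The first search uses `streamstats` rather than `transaction` so that only the immediately preceding event per customer is examined, which scales better on large indexes; the `sort 0` is required because `streamstats` depends on event order. Neither alert decides policy on its own: the threshold, the 24-hour window and what the webhook receiver does with the signal are the business decisions the answer refers to, and the searches will only ever be as good as the address-change, card-request and mail events actually being indexed.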


jplumsdaine22
Influencer

Probably - depending on exactly what you're trying to do. But not out of the box. Talk to your sales rep.
