Is there a way to search for internal to external traffic?
The network I work on is pretty locked down, and any internal IP attempting to connect to an external source, or vice versa, would be considered suspicious. The SIEM we use is broken at the moment, so a quick fix would be to look at internal to external traffic through Splunk. I'm not an expert at Splunk and was wondering if something like this is possible. Maybe equate internal to source and external to destination? Basically any query that could get me internal to external traffic. How could I search for internal hosts going to an external source?
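An added example, not part of the original post: one way to express "internal equals source, external equals destination" in SPL is to classify both ends of each event with `cidrmatch` and keep only the events that cross the boundary in either direction. It assumes the internal network uses the RFC 1918 private ranges and that the events carry fields named `src_ip`, `dest_ip` and `dest_port`; the index and sourcetype in angle brackets are placeholders, and all of these need to be adjusted to the actual data.

```spl
index=<your_network_index> sourcetype=<your_firewall_sourcetype>
| eval src_internal=if(cidrmatch("10.0.0.0/8", src_ip) OR cidrmatch("172.16.0.0/12", src_ip) OR cidrmatch("192.168.0.0/16", src_ip), 1, 0)
| eval dest_internal=if(cidrmatch("10.0.0.0/8", dest_ip) OR cidrmatch("172.16.0.0/12", dest_ip) OR cidrmatch("192.168.0.0/16", dest_ip), 1, 0)
| eval direction=case(src_internal=1 AND dest_internal=0, "internal_to_external", src_internal=0 AND dest_internal=1, "external_to_internal")
| where isnotnull(direction)
| stats count earliest(_time) AS first_seen latest(_time) AS last_seen values(dest_port) AS dest_ports BY direction src_ip dest_ip
| convert ctime(first_seen) ctime(last_seen)
| sort - count
```

Internal-to-internal and external-to-external events get no `direction` value and are dropped by the `where` clause, so the result lists only boundary-crossing pairs with their counts, ports and first and last seen times.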