Hi SSievert
Thanks for your answer. Actually, we are planning to deploy Splunk in our environment, and we are evaluating whether the license will be enough for our current packet capturing. Currently we use another security product that can also capture packets, and we write rules to create some security-related alerts/incidents and also dig out potential risks in our environment. So besides logs, packet capturing and investigation are also very important for us.
We have set up many use cases that may index packet metadata, like clear-text password finding, botnet tracing and IOC detection, etc.
BR
Nelson