Hello folks,
Is Splunk able to help me generate rules to put on an ASA?
We're running an ASA in transparent mode with a single allow rule, logging all traffic seen through to Splunk. The plan is to take that data generated and build the ruleset for the firewall based on a ratified version of the data. I was thinking of first running a report that does a summary of all destination addresses, sorted by number of occurrences, and then for each of the results, a further report to show me the ports that were connected to on those IPs. Which I can see working just fine.
So, my question really is: Is there a slicker and quicker way of generating this data? I've toyed with writing a Python script to chew through the logs, but I'd rather have it all centralised in Splunk.
Any guidance will be gratefully received.
Best, Leigh
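As an added illustration (not part of Leigh's post), here is the destination/port summary the post describes, done in Python over ASA "Built ... connection" messages (302013/302015), with a helper that renders each row as a candidate ACE for review. The log lines are constructed samples in the shape of those messages, and the direction handling (for outbound connections the "for" side is the destination, for inbound the "to" side) and the ACL name are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines shaped like ASA 302013 (TCP) / 302015 (UDP) / 302014 (teardown).
SAMPLE_LOGS = """\
%ASA-6-302013: Built outbound TCP connection 101 for outside:93.184.216.34/443 (93.184.216.34/443) to inside:10.10.0.21/51234 (10.10.0.21/51234)
%ASA-6-302013: Built outbound TCP connection 102 for outside:93.184.216.34/443 (93.184.216.34/443) to inside:10.10.0.22/51240 (10.10.0.22/51240)
%ASA-6-302015: Built outbound UDP connection 103 for outside:10.10.9.9/53 (10.10.9.9/53) to inside:10.10.0.21/40001 (10.10.0.21/40001)
%ASA-6-302013: Built inbound TCP connection 104 for outside:10.10.0.21/50000 (10.10.0.21/50000) to inside:10.10.1.5/22 (10.10.1.5/22)
%ASA-6-302014: Teardown TCP connection 101 for outside:93.184.216.34/443 to inside:10.10.0.21/51234 duration 0:00:01 bytes 1200 TCP FINs
"""

# Only "Built" messages are counted; teardowns would double-count the same flow.
BUILT_RE = re.compile(
    r"%ASA-6-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) connection \d+ "
    r"for [\w-]+:(?P<a_ip>[\d.]+)/(?P<a_port>\d+) \S+ to [\w-]+:(?P<b_ip>[\d.]+)/(?P<b_port>\d+)"
)


def summarize(log_text):
    """Return rows ((proto, dest_ip, dest_port), connections, distinct_sources), busiest first."""
    counts = Counter()
    sources = {}
    for line in log_text.splitlines():
        m = BUILT_RE.search(line)
        if not m:
            continue
        # Assumption: outbound => "for" side is the destination; inbound => "to" side is.
        if m["dir"] == "outbound":
            dest, dport, src = m["a_ip"], int(m["a_port"]), m["b_ip"]
        else:
            dest, dport, src = m["b_ip"], int(m["b_port"]), m["a_ip"]
        key = (m["proto"].lower(), dest, dport)
        counts[key] += 1
        sources.setdefault(key, set()).add(src)
    ordered = sorted(counts, key=lambda k: (-counts[k], k))
    return [(k, counts[k], len(sources[k])) for k in ordered]


def to_ace(summary, acl_name="INSIDE_OUT", min_count=1):
    """Render rows seen at least min_count times as candidate ASA ACEs for a human to ratify."""
    return [f"access-list {acl_name} extended permit {proto} any host {ip} eq {port}"
            for (proto, ip, port), n, _ in summary if n >= min_count]


if __name__ == "__main__":
    rows = summarize(SAMPLE_LOGS)
    for row in rows:
        print(row)
    print("\n".join(to_ace(rows)))
```

The `min_count` threshold is where the "ratified" step fits: one-off connections get reviewed rather than turned into permits automatically.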