Experts,
We are a financial institution using Splunk to capture failed login counts by username and IP address. We use 100s of applications within our enterprise, and not every application writes failed login attempts with username and IP details. There are 10s of vendor applications that only provide the username, but no IP address. So, we are thinking of getting the failed login and username from the logs and doing an automatic lookup for the IP address matching the username. Please advise:
a) if this is feasible, as the IP address is not going to be static all the time
b) from where to get the user and IP address details, as I have no knowledge of networking. Please advise if that will be available in LDAP, AD, firewall logs, etc., so that I can request our network team to provide it