Rogue System Detection with Splunk

November 7, 2014

This Splunk search allows you to be alerted when a new IP is seen by Bro. The requirements for this alert to work are the bro_known_hosts log and a CSV with all allowed IP addresses. Set up the CSV as an automatic lookup table. The automatic lookup table is set up based on the host (securityonion) and […]


Splunk free Configuration

March 14, 2014

Splunk Free: This is the second post on how to set up pfSense, Squid, and Splunk. Here is a link to the first post, pfSense, Squid, and Splunk free. Sometime around 2013 Splunk switched to a paid version and a free version. The free version does not allow emailed alerts or user authentication. For this post, I will […]


pfSense, Squid, and Splunk free

March 14, 2014

pfSense and Squid: I am continuously impressed with the amount and quality of free software that is available on the internet. pfSense is an open source firewall based on FreeBSD with a web-based interface and easy-to-add packages. It has most standard firewall features, but also includes advanced features such as VPN, captive portal, […]
