From the course: Splunk for Security Analytics and Monitoring
Configuring Snort IDS alerts for Splunk - Splunk Tutorial
Configuring Snort IDS alerts for Splunk
- [Instructor] We all know how important security monitoring has become within our IT environments. Think about your network. Do you have security appliances deployed, perhaps on the network perimeter? Or do you have security solutions that are hardware-based, or maybe software, agent-based, running on servers? Do you have some kind of security software running on endpoint devices, including malware detection? The answer is probably yes to some, if not all, of those questions. Well, let's say that we have a situation where we've got a Linux server that is using the free, open source Snort Intrusion Detection System to detect suspicious activity on the network and on that host. What we want to do is take that alert information from that intrusion detection sensor and have it sent to Splunk Enterprise to be indexed. That's what we're going to do. So here we've got a Linux host; it's Ubuntu Linux. The first order of…
Contents
- Forwarding Linux logs to Splunk (10m 16s)
- Forwarding Windows log events to Splunk (10m 48s)
- Monitoring Windows files (8m 46s)
- Monitoring Windows printers (7m 16s)
- Configuring Snort IDS alerts for Splunk (7m 32s)
- Configuring an HTTP Event Collector (HEC) (7m 54s)
- Forwarding Microsoft AD events to Splunk Cloud (9m 1s)