Assessment of Splunk to analyse security logs
Posted on 2014-08-21
I have a few million IPS security logs every month to analyse. I need to assess the top few events and assess whether they are a valid concern or invalid, with reasons to be given:

- If the source and destination are both internal source IP addresses, then it is not a concern.
- If the source is an external public IP, then is it a known malicious source?
- Is the behaviour of the events malicious/suspicious?

Can Splunk perform the above functions?

Is Splunk free, and what is the system requirement to run it (can Win XP or Win 7 run it, what is the amount of RAM, ...)?

Please point me to a Quick Start User guide to get me started to use it and do the analysis.
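As an added example (not part of the original post, and not Splunk code), the triage rules listed in the question, internal-to-internal is not a concern and an external source is checked against a reputation list, expressed as a small Python script that ranks the top events from a batch of constructed IPS records. The sample events and the `KNOWN_BAD_SOURCES` set are assumptions standing in for real logs and a real threat-intelligence feed.

```python
import ipaddress
from collections import Counter

# Constructed sample IPS events (not real logs): (source, destination, signature)
SAMPLE_EVENTS = [
    ("10.1.2.3", "10.1.5.9", "SMB share enumeration"),
    ("10.1.2.3", "10.1.5.9", "SMB share enumeration"),
    ("198.51.100.7", "10.1.5.9", "SSH brute force"),
    ("198.51.100.7", "10.1.5.9", "SSH brute force"),
    ("198.51.100.7", "10.1.5.9", "SSH brute force"),
    ("203.0.113.44", "10.1.8.2", "HTTP directory traversal"),
    ("192.168.7.7", "10.1.8.2", "ICMP sweep"),
]

# Constructed reputation list; a real deployment would load a threat-intel feed here
KNOWN_BAD_SOURCES = {"198.51.100.7"}

# RFC 1918 ranges treated as "internal" for the purpose of the triage rules
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    """True if the address falls inside one of the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def triage(src, dst, signature):
    """Return (verdict, reason) for one event, following the rules in the post."""
    if is_internal(src) and is_internal(dst):
        return ("not a concern", "source and destination are both internal")
    if not is_internal(src):
        if src in KNOWN_BAD_SOURCES:
            return ("valid concern", "external source on known-malicious list")
        return ("review", "external source not on reputation list; check behaviour")
    return ("review", "internal source to external destination; check behaviour")


def top_events(events, n=3):
    """Count identical (src, dst, signature) triples and triage the n most frequent."""
    counts = Counter(events)
    return [(key, cnt, *triage(*key)) for key, cnt in counts.most_common(n)]


if __name__ == "__main__":
    for key, cnt, verdict, reason in top_events(SAMPLE_EVENTS):
        print(f"{cnt:>4}  {key[0]:>14} -> {key[1]:<10} {key[2]:<26} {verdict}: {reason}")
```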