sunhux
asked on
Assessment of Splunk to analyse security logs
I have a few million IPS security logs every month to analyse:
I need to assess the top few events and assess whether each is a valid
concern or invalid, with reasons to be given.
E.g.:
if the source and destination are both internal IP
addresses, then it is not a concern;
if the source is an external public IP, then is it a known
malicious source?
Is the behaviour of the events malicious/suspicious?
Q1:
Can Splunk perform the above functions?
Q2:
Is Splunk free, and what are the system requirements to run it
(can Win XP or Win 7 run it, what amount of RAM, ...)?
Q3:
Please point me to a Quick Start User guide to get me
started using it to do the analysis.
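The triage the question describes (rank the top events, classify by internal/external source, check external sources against a known-malicious list, and give a reason for each verdict) is straightforward to script. The block below is an added example written for this page; it is not code from the question, from any answer, or from Splunk. The CSV log format, the RFC 1918 ranges used as "internal", the `KNOWN_BAD` list and the fan-out threshold are all assumptions constructed for the demo. It goes one step beyond the question's rules by also flagging a single source that hits many distinct hosts, since that high-volume pattern is what the asker later says they most want to catch.

```python
"""Triage of IPS alert logs: top sources, internal/external classification,
known-malicious lookup and a behavioural (fan-out) check, with a reason per verdict.

Added example for this page, not the asker's or Splunk's code. The log format,
address ranges, KNOWN_BAD set and FANOUT_THRESHOLD are constructed assumptions.

The same logic in Splunk SPL (illustrative, lookup table name assumed) would be
roughly:
  index=ips | eval src_internal=if(cidrmatch("10.0.0.0/8",src_ip)
      OR cidrmatch("172.16.0.0/12",src_ip) OR cidrmatch("192.168.0.0/16",src_ip),1,0)
  | lookup threat_intel ip AS src_ip OUTPUTNEW category
  | stats count dc(dest_ip) AS fanout by signature, src_ip, src_internal, category
  | sort -count | head 10
"""
import ipaddress
from collections import defaultdict

# Constructed sample IPS log lines: time,signature,src_ip,dst_ip,action
SAMPLE_LOGS = """\
2013-05-01T00:00:01,SMB brute force,10.1.2.3,10.1.5.20,blocked
2013-05-01T00:00:05,SMB brute force,10.1.2.3,10.1.5.20,blocked
2013-05-01T00:00:09,SMB brute force,10.1.2.3,10.1.5.21,blocked
2013-05-01T00:01:00,SSH scan,203.0.113.9,10.1.5.22,blocked
2013-05-01T00:01:02,SSH scan,203.0.113.9,10.1.5.23,blocked
2013-05-01T00:01:04,SSH scan,203.0.113.9,10.1.5.24,blocked
2013-05-01T00:01:06,SSH scan,203.0.113.9,10.1.5.25,blocked
2013-05-01T00:02:00,HTTP SQL injection,198.51.100.7,10.1.5.80,alert
2013-05-01T00:02:30,HTTP SQL injection,198.51.100.7,10.1.5.80,alert
2013-05-01T00:03:00,DNS tunnelling,10.1.9.9,8.8.8.8,alert
"""

# Assumed "internal" ranges (RFC 1918); adjust to the real address plan.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed threat-intel list; 198.51.100.7 is a documentation address used as a stand-in.
KNOWN_BAD = {"198.51.100.7"}
# Distinct destinations from one source before the behaviour is treated as a sweep/scan.
FANOUT_THRESHOLD = 3


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse(logs):
    """Turn the CSV lines into dicts; skips blank lines."""
    events = []
    for line in logs.splitlines():
        if not line.strip():
            continue
        ts, sig, src, dst, action = line.split(",")
        events.append({"time": ts, "signature": sig, "src": src,
                       "dst": dst, "action": action})
    return events


def assess(src, hits):
    """Return (verdict, reason) for one (signature, source) group.

    Rule order matters: a known-bad source is a concern whatever else it did,
    a scan-like fan-out is suspicious even when both ends are internal, and
    only then does the question's 'internal-to-internal is fine' rule apply.
    """
    dsts = {h["dst"] for h in hits}
    src_internal = is_internal(src)
    all_dst_internal = all(is_internal(d) for d in dsts)

    if not src_internal and src in KNOWN_BAD:
        return "valid concern", f"source {src} is on the known-malicious list"
    if len(dsts) >= FANOUT_THRESHOLD:
        where = "lateral movement" if src_internal else "external scan"
        return "suspicious", f"one source hit {len(dsts)} distinct hosts (possible {where})"
    if src_internal and all_dst_internal:
        return "not a concern", "both source and destination are internal addresses"
    if src_internal:
        return "review", "internal host triggered the IPS towards an external destination"
    return "review", "external source not on any list; check its reputation manually"


def triage(logs, n=3):
    """Rank (signature, source) groups by hit count and assess the top n."""
    groups = defaultdict(list)
    for e in parse(logs):
        groups[(e["signature"], e["src"])].append(e)
    ranked = sorted(groups.items(), key=lambda kv: len(kv[1]), reverse=True)[:n]
    report = []
    for (sig, src), hits in ranked:
        verdict, reason = assess(src, hits)
        report.append({"signature": sig, "src": src, "count": len(hits),
                       "verdict": verdict, "reason": reason})
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOGS, n=4):
        print(f"{row['count']:>3}  {row['signature']:<20} {row['src']:<15} "
              f"{row['verdict']:<14} {row['reason']}")
```

Run as-is it prints four ranked rows; with real data, replace `SAMPLE_LOGS` with the exported IPS CSV and `KNOWN_BAD` with a real feed. Note that the question's rule of dismissing internal-to-internal events is only applied after the fan-out check, because an internal host sweeping many internal hosts is exactly the high-volume behaviour that a compromised machine produces.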
ASKER
So after 60 days, so long as I pump in less than 500 MB per day, I keep the full enterprise features? As I have 6 different IPSes, I thought of 6 Splunks, as I'm currently required to analyse the 6 groups of data logs separately anyway. Thanks for the other alternative products; we can only look at freeware.
ASKER
I'm Linux trained, so as long as the full enterprise features (other than the 500 MB/day limit) with community support are available, that will be great. Is there any feature to archive data or indexes, say, more than 6 months old? 500 MB per day can grow pretty fast and we are short of storage.
ASKER
to detect suspicious activities, especially high-volume ones) that could do the above
function