Across hundreds of Splunk Enterprise Security deployments, the following common data sources are the ones most widely used for security, compliance and fraud use cases.

Network, Server & Storage

  • SNMP
  • Wire data
  • DHCP
  • Firewall
  • FTP and IDS logs
  • Network access control
  • File access control
  • Network switches and routers
  • Wireless network logs
  • NetFlow
  • Proxies
  • OS logs: NTsyslog, Snare, DHCPD, Linux Secure, AIX Secure, OSX Secure, Syslog, WinEvent, etc.
  • Patch logs
  • VMware server logs
  • AWS logs: CloudTrail, CloudWatch, Config, etc.
  • Storage logs

Application and User

  • Malware protection logs
  • Endpoint activity
  • Application error logs
  • Application authentication logs
  • Vulnerability scanning
  • Mail server logs
  • Active Directory, LDAP, VPN
  • SDLC security test logs
  • Mobile devices
  • Physical card reader logs

Other sources

  • Threat lists
  • OS and IP blacklists
  • Restricted ports and protocols
  • Vulnerability lists
  • Social media feeds
  • Training logs