Uploading demo logs and analyzing Firewall logs
Summary: In this blog, we are going to download demo logs from GitHub, upload them to Splunk, and understand and analyze FortiGate and Palo Alto raw logs.

Downloading the datasets: We will start by downloading the dataset from https://github.com/splunk/botsv1. In the picture below, you can see two different datasets (one containing both normal and attack logs, and the other containing only attack logs). I am downloading the attack logs. This dataset contains different types of logs, as shown below. Because the botsv1 dataset contains only FortiGate firewall logs, for Palo Alto logs we will download the botsv2 dataset from https://github.com/splunk/botsv2.

Uploading logs to Splunk: After downloading both datasets, extract them and copy both folders into InstallationPath/Splunk/etc/apps. After this step, we give Splunk a few seconds to parse the logs and then check, as shown below. Here, we can see that both the datasets have been uploa...
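Once the datasets are indexed, the FortiGate events arrive as raw key=value text. The following is an added example, not code from the blog or from the BOTS project, that parses that format (quoted values included) and tallies denied connections; the log lines are constructed samples shaped like FortiGate traffic events, not records taken from botsv1.

```python
import re
from collections import Counter

# FortiGate raw logs are space-separated key=value pairs; values that contain
# spaces are wrapped in double quotes (e.g. msg="Denied by forward policy check").
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Constructed sample events (not from the botsv1 dataset), shaped like fgt_traffic logs.
SAMPLE_LOGS = [
    'date=2016-08-10 time=20:15:03 devname=fw01 type=traffic subtype=forward level=notice '
    'srcip=192.0.2.10 srcport=51234 dstip=198.51.100.5 dstport=443 proto=6 action=deny '
    'policyid=0 service="HTTPS" msg="Denied by forward policy check"',
    'date=2016-08-10 time=20:15:07 devname=fw01 type=traffic subtype=forward level=notice '
    'srcip=192.0.2.10 srcport=51240 dstip=198.51.100.5 dstport=443 proto=6 action=deny '
    'policyid=0 service="HTTPS" msg="Denied by forward policy check"',
    'date=2016-08-10 time=20:16:00 devname=fw01 type=traffic subtype=forward level=notice '
    'srcip=192.0.2.11 srcport=40000 dstip=198.51.100.9 dstport=53 proto=17 action=accept '
    'policyid=4 service="DNS" sentbyte=80 rcvdbyte=160',
]


def parse_fortigate(line):
    """Return one FortiGate event as a dict; quoted values have their quotes stripped."""
    event = {}
    for key, raw, quoted in KV_RE.findall(line):
        # `quoted` is the inner text when the value was quoted; otherwise use the bare token.
        event[key] = quoted if raw.startswith('"') else raw
    return event


def summarize_denies(lines):
    """Count action=deny events per (srcip, dstip, dstport) so repeated blocked
    attempts against one service stand out during triage."""
    counts = Counter()
    for line in lines:
        event = parse_fortigate(line)
        if event.get("type") == "traffic" and event.get("action") == "deny":
            counts[(event["srcip"], event["dstip"], event["dstport"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize_denies(SAMPLE_LOGS).most_common():
        print(f"{n} denied: {key[0]} -> {key[1]}:{key[2]}")
```

The same parser applies to fgt_event and fgt_utm lines, since all FortiGate log types share the key=value syntax; only the field names differ.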