Posts

Showing posts from May, 2024

SIEM (Splunk) dashboard creation - Firewall

Summary: In this blog we are going to create a Firewall Dashboard in the SIEM tool Splunk, which helps an organization visualize its security in real time.

Dashboards: A dashboard consists of one or more panels that display data visually, presenting it in a useful form as events, tables or charts that can be used to measure, monitor and analyze relevant key areas.

Now we will go ahead and create a firewall dashboard that will help us analyze our data better. (P.S. We have already uploaded firewall logs to Splunk. Please check this blog - https://bit.ly/3UQWoBP)

First, we will install the "Infosec" app, which addresses the most common security issues, from https://splunkbase.splunk.com/app/4240 and we will create the same dashboard.

Dashboard Panels: The panels that our dashboard will have are:

1- Blocked connections: (We are using Palo Alto traffic logs to find all the blocked connections) index=botsv2 sourcetype="pan:traffic" action=blocke...