Assignment 3
Utilizing Windows Machine Logs in Splunk
Three use cases for forwarding Windows logs to Splunk:
A) Operational monitoring and troubleshooting:
a. System performance monitoring
There are three types of Windows event logs (application, system and security logs) that can
be ingested into Splunk to check machine health and performance metrics such as CPU,
memory usage, storage I/O and application crashes. This helps find performance hiccups and
resolve them before they affect end users.
b. Application log evaluation:
Logs from applications such as SQL Server or IIS can be consolidated in Splunk to check
application status, find errors and troubleshoot problems across different servers.
c. User activity tracking:
Tracking user logon, logoff and session times can help in evaluating productivity, finding failed
logins and measuring system usage patterns.
B) Security monitoring and threat detection
d. Authentication and authorization monitoring
Security logs give insight into user authentication, whether failed or successful, privilege
escalations and unauthorized access attempts.
e. Windows Defender and endpoint protection event monitoring
Monitoring logs produced by Defender or other endpoint protection software can help detect
malware, suspicious techniques or system integrity disruptions.
f. Audit policy changes:
Identifying changes to audit policies or system configuration is crucial for maintaining
compliance with security policies and standards. Monitoring these logs in Splunk allows for
real-time alerts on unauthorized or risky modifications.
C) Compliance and governance
g. Regulatory compliance
Many regulations require companies to maintain audit trails for user activity, system
changes and security events. Forwarding logs to Splunk allows automated reporting
for compliance frameworks such as GDPR, PCI-DSS and HIPAA.
h. File integrity monitoring
Monitoring access, modification and deletion of critical files helps detect unauthorized
access or potential data breaches. Splunk's ability to collect and visualize these events
can streamline forensic investigation and auditing.
Reporting and dashboards for machine logs in Splunk
To best showcase and analyze machine logs, the following reports and dashboards can be
designed:
A) System health dashboard:
a) CPU, memory and storage usage:
Visual representation of machine resource usage over time to observe system performance
and spot unusual resource peaks.
b) Event log monitoring:
A panel showing the number and severity of errors and warnings in the application and
system logs, with filters for different event types.
B) User activity dashboard:
a) Login successes and failures:
A chart showing successful and failed login attempts over time to help spot suspicious
activity.
b) Most active users:
A table showing which users log in most often or stay logged in for the longest time.
C) Security monitoring dashboard:
a) Threat detection:
A panel that shows security events such as malware detections or suspicious processes
flagged by Windows Defender.
b) Privilege escalation:
A panel that tracks when users or processes gain elevated rights, which could indicate a
security threat.
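An added example (not part of the assignment) of the aggregation behind the User activity dashboard's login panels and the Privilege escalation panel above, run over a constructed set of Windows Security events; the field names follow what Splunk's Windows add-on extracts, event IDs 4624, 4625 and 4672 are the standard Windows Security log IDs, and the failure threshold is an assumed tuning value:

```python
from collections import defaultdict

# Constructed sample Windows Security events with the field names Splunk's
# Windows add-on extracts; 4624 = logon success, 4625 = failure, 4672 = special privileges.
SAMPLE_EVENTS = [
    {"_time": "2024-03-01T08:00:01", "EventCode": 4624, "Account_Name": "alice"},
    {"_time": "2024-03-01T08:00:05", "EventCode": 4624, "Account_Name": "alice"},
    {"_time": "2024-03-01T08:01:10", "EventCode": 4625, "Account_Name": "bob"},
    {"_time": "2024-03-01T08:01:12", "EventCode": 4625, "Account_Name": "bob"},
    {"_time": "2024-03-01T08:01:15", "EventCode": 4625, "Account_Name": "bob"},
    {"_time": "2024-03-01T08:01:20", "EventCode": 4624, "Account_Name": "bob"},
    {"_time": "2024-03-01T08:01:21", "EventCode": 4672, "Account_Name": "bob"},
    {"_time": "2024-03-01T08:05:00", "EventCode": 4624, "Account_Name": "carol"},
    {"_time": "2024-03-01T08:05:01", "EventCode": 4672, "Account_Name": "svc_backup"},
]

def summarize_logons(events):
    """Per-account counts in time order, plus the longest failure run that a success ended."""
    acct = defaultdict(lambda: {"success": 0, "failure": 0, "privileged": 0,
                                "streak": 0, "success_after_failures": 0})
    for ev in sorted(events, key=lambda e: e["_time"]):
        c, code = acct[ev["Account_Name"]], ev["EventCode"]
        if code == 4625:                      # failed logon extends the current run
            c["failure"] += 1
            c["streak"] += 1
        elif code == 4624:                    # success ends the run; remember its length
            c["success"] += 1
            c["success_after_failures"] = max(c["success_after_failures"], c["streak"])
            c["streak"] = 0
        elif code == 4672:                    # logon that was granted elevated rights
            c["privileged"] += 1
    return dict(acct)

def most_active(summary, n=3):
    """'Most active users' panel: accounts ranked by number of successful logons."""
    return sorted(summary, key=lambda a: (-summary[a]["success"], a))[:n]

def flag_accounts(summary, fail_threshold=3):
    """Accounts the dashboards should highlight; the threshold is an assumed tuning value."""
    flags = {}
    for name, c in summary.items():
        reasons = []
        if c["success_after_failures"] >= fail_threshold:
            reasons.append("success after %d failures" % c["success_after_failures"])
        if c["privileged"] and not c["success"]:
            reasons.append("privileged logon with no successful logon in window")
        if reasons:
            flags[name] = reasons
    return flags
```

In a Splunk dashboard the same counts would come from a search over the Security log grouped by Account_Name and EventCode; the streak logic is what turns a raw count panel into an alert-worthy signal.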
D) Incident response dashboard:
a) Security overview:
An overview dashboard showing detailed security incidents such as malware detections or
unauthorized access attempts.