Splunk

Posts about Splunk administration and knowledge management.

Detecting Credential Theft Using Splunk Geographic Information

Earlier this year I attended the EDUCAUSE Security Professionals Conference in St. Louis. I went to a session at which Nick Hannon from Swarthmore College explained how Splunk could combine MaxMind GeoIP data with authentication logs to detect credential theft. I couldn’t find an exact tutorial online, so this is my execution of his idea. I …

Finding popular CAS services with Splunk

Let’s find out what services are using our CAS server for authentication using Splunk Enterprise. To start, review my CAS + Splunk configuration from my last post. We need to add a new field extraction for service_url, as I did below. Then I started with the following query: