[blog.rayfoo] Infosec, DFIR, tech geekery, thoughts and whatnot

13Mar/102

Fun with Splunk: SSHD

Thought I'd share a bit on the tip of the iceberg, on what can be done with Splunk.  Linux command line tools are still much needed for raw log analysis (since we can't have the luxury of having a Splunk installation around and ready whenever we need it), but if setup and running properly, Splunk can be pretty helpful (and not to mention faster) for some things.

(This post is pretty unpolished, partly because I can't be bothered to fiddle around with fitting the search strings into the width of the post, etc.  Nonetheless,  comments/discussions are always welcome heh)

One of my favourite tasks with log analysis is to get information on those people/bots which are brute forcing SSHD, so let's start with SSH attacks as an example.

Tagged as: , , , , , , , Continue reading
   

Subscribe

Downloads

Links

Social

Most Active Tags

APT books brute forcing BTPC Christian Christian living CLI data mining data visualization DNS Downloads drama education fun funny hardening HOWTO information gathering Japanese linux log analysis lyrics mathematics network nginx OpenVPN picture programming project Python random RSnake security server administration spam Splunk SSH TED thoughts tools Ubuntu web application web server wifi WordPress

Recent Comments

Recent Posts