[blog.rayfoo] Infosec, DFIR, tech geekery, thoughts and whatnot

20Apr/100

Getting additional (IP/network/location) info along with your Splunk searches

Chanced upon some of the info by accident (smack at the bottom of one part of the Splunk documentation...), but I can't find it now.  Going to share here anyway :D

Some (or probably most/all) of your searches might involve public IP addresses, and more often than not we would want to have additional info along with the IP address to work with.

Three of the things that we could do in Splunk automatically would be to get IP-location info, or to reverse lookup an IP to a domain, or to lookup a domain to an IP.

Tagged as: , , , , , , Continue reading
 « Newer Entries  

Subscribe

Downloads

Links

Social

Most Active Tags

APT books brute forcing BTPC Christian Christian living CLI data mining data visualization DNS Downloads drama education fun funny geolocation hardening HOWTO information gathering Japanese linux log analysis lyrics network nginx OpenVPN picture programming project Python random RSnake security server administration spam Splunk SSH TED thoughts tools Ubuntu web application web server wifi WordPress

Recent Comments

Recent Posts