How I Format Splunk Alerts With A Tines Automation Workflow
This Tines automation allows the user to receive custom-specified alerts from a Splunk forwarder instance (in this example, running on a Linux VPS), format the alert data into an easily and quickly readable layout, and send that data out as an alert to a variety of services (email, Discord/Slack chat apps, other API-enabled apps/services, webhooks, etc.). Perfect for learning the basics of getting started with automating Splunk alerts.
Read More
I Automated Splunk Alerts With Tines In 1 & 5 Minutes – Here’s What Happened
I gave myself one minute to automate a Splunk Linux server alert using Tines. Then I added 4 minutes to that (for a total of 5 minutes) to see if it was even possible to set up a relevant alert notification that fast. I don’t know about you, but 5 minutes is not a lot of time to automate a Splunk alert, let alone one minute… I’ve got no idea how much I’m going to get done in 1 minute, so let’s find out, shall we?
Read More
Tines / Splunk – Automated Customized Alerts
Simple overview: This Tines/Splunk project receives alerts from Splunk running on a server that crawls through access logs, user event logs, and nginx logs, triggering the alert based on pre-set thresholds or events. Although Splunk provides adequate alerting actions out of the box, I decided to integrate its webhook alert function with Tines. Not only […]
Read More
Project 3 – Splunk / Log Analysis
Cybersecurity class project 3 was centered around setting up Splunk and analyzing Apache and Windows logs. For me personally, it was a bit of a learning curve figuring out how to set up Splunk initially, as we were installing through Docker containers outside of the official method designed for our class (The infrastructure used for […]
Read More