

How to set up splunk alert for successful zone transfers?

New Member
Posts: 3
3542     0

Hello,

 

I am not super new to the community, and I have found a lot of useful information here which helped me.

I wanted to know if it is possible to configure a custom alert in Reporting for successful zone transfers for all members, so that for every successful xfer I would get an alert. Please advise.

 

Thanks,

 

-D

Re: How to set up splunk alert for successful zone transfers?

New Member
Posts: 2
3543     0

You need to schedule the matching search to run every five minutes.

The Splunk search would be something like: base search | stats count by respective field | where count > 0, and you can set the trigger condition to send an email if the number of results is greater than zero.

Splunk runs the search every five minutes as usual, but only notifies you when the result count exceeds the given condition.

 

Let me know if this helps or not.


Re: How to set up splunk alert for successful zone transfers?

New Member
Posts: 3
3543     0

Thank you!

 

I was able to figure it out! Yay. I had to make sure syslog messages are getting reported to the reporting server. Then, after letting it run for a bit, I searched for xfer messages. After finding what I was looking for (for example, messages with "transfer completed"), I built a custom alert based on specific criteria off of the syslog message. I tested it and so far it works like a charm.

 

-D
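Added example (not from any poster in this thread): the scheduled-search logic described in the Splunk reply above, and the "transfer completed" syslog matching the original poster settled on, expressed as a small Python script run over constructed syslog lines. The sample lines follow the shape BIND (which Infoblox members run) uses for zone-transfer messages; the exact wording on a given NIOS version is an assumption, so the regexes may need adjusting to real data.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the shape BIND logs zone transfers on an
# Infoblox member; the exact message wording per NIOS version is an assumption.
SAMPLE_LOGS = """\
May  4 10:01:02 ib-member1 named[1234]: transfer of 'corp.example/IN' from 10.0.0.5#53: Transfer completed: 1 messages, 42 records, 2048 bytes, 0.012 secs (170666 bytes/sec)
May  4 10:01:05 ib-member1 named[1234]: client 10.0.0.9#51234: query: www.corp.example IN A + (10.0.0.1)
May  4 10:02:11 ib-member2 named[2345]: transfer of 'corp.example/IN' from 10.0.0.5#53: Transfer completed: 1 messages, 42 records, 2048 bytes, 0.010 secs (204800 bytes/sec)
May  4 10:03:30 ib-member2 named[2345]: transfer of 'lab.example/IN' from 10.0.0.7#53: failed while receiving responses: connection reset
May  4 10:04:00 ib-member1 named[1234]: transfer of 'lab.example/IN' from 10.0.0.7#53: Transfer completed: 1 messages, 7 records, 300 bytes, 0.004 secs (75000 bytes/sec)
May  4 10:05:12 ib-member1 named[1234]: client 10.0.0.20#40001: transfer of 'corp.example/IN': AXFR ended
"""

PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) named\[\d+\]: "
# Inbound: this member pulled a zone from its primary and finished cleanly.
INBOUND_RE = re.compile(PREFIX + r"transfer of '(?P<zone>[^/']+)/IN' from (?P<peer>[\d.]+)#\d+: Transfer completed")
# Outbound: this member served a full zone (AXFR) to a requesting client.
OUTBOUND_RE = re.compile(PREFIX + r"client (?P<peer>[\d.]+)#\d+: transfer of '(?P<zone>[^/']+)/IN': AXFR ended")

def parse_completed_transfers(log_text):
    """Return one dict per successful zone transfer in either direction; failed transfers and queries are ignored."""
    events = []
    for line in log_text.splitlines():
        for direction, rx in (("inbound", INBOUND_RE), ("outbound", OUTBOUND_RE)):
            m = rx.match(line)
            if m:
                events.append({**m.groupdict(), "direction": direction})
                break
    return events

def count_by(events, *fields):
    """Equivalent of Splunk '| stats count by <fields>'; keys are tuples of field values."""
    return dict(Counter(tuple(e[f] for f in fields) for e in events))

def should_alert(log_text, group_by=("host", "zone")):
    """The thread's trigger condition: fire when the scheduled search returns any row (count > 0)."""
    counts = count_by(parse_completed_transfers(log_text), *group_by)
    return len(counts) > 0, counts
```

Grouping by host and zone (the "by respective field" part of the reply) tells you which member transferred which zone, which is more useful in the alert body than a bare count.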
