App for Web Proxies

Overview

In many organizations, web proxies separate users from the Web at large. User web activity can often be a good indicator of possible compromise, phishing attempts, abuse, and outdated software. This app provides Splunk dashboards, forms, and reports that can be used to explore your web proxy events and make sense of what can often be a large volume of data.

To do this, the app relies on the Splunk Common Information Model (CIM) for Web events. This means that the app can report on any web proxy data, as long as it has been onboarded properly and is available through the Web data model.

Highlights

  • Uses data models from the Splunk Common Information Model Add-on (Splunk_SA_CIM)
  • Uses data model acceleration for faster reporting
  • Drilldowns allow you to transition from accelerated data to raw events
  • Customizable for use with different proxy applications or appliances (7 included examples)
  • Customizable User Agent parsing to see the clients on your network (uses TA-user-agents, but can be switched to use others)

Note on the submission file

The file submitted contains everything needed to get a demo of the app running. This includes sample data, SA-Eventgen, Splunk_SA_CIM, TA-user-agents and, of course, the app itself.
