Flagging suspect IP addresses

Any server that receives requests from clients is always a potential target for someone to try and exploit by initiating an attack. Attacks can come in many different forms, and over time, it is important to keep a history of the originating source of the attack. This is so we can monitor the behavior and patterns more closely and potentially use this data to block access as needed.

In this next recipe, you will learn how to store the source IP addresses of clients; these IP addresses are to be flagged for suspect behavior based on the requests they make.

Getting ready

To step through this recipe, you will need a running Splunk Enterprise server, with the sample data loaded from Chapter 1, Play Time – Getting Data In ...

Get Splunk: Enterprise Operational Intelligence Delivered now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Splunk: Enterprise Operational Intelligence Delivered by Betsy Page Sigman, Erickson Delgado, Josh Diakun, Paul R Johnson, Derek Mock, Ashish Kumar Tulsiram Yadav

Flagging suspect IP addresses

Getting ready

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly