Hi Guys,
I am new to Splunk Enterprise. I am currently setting up a test lab to do event correlation for a simulated attack (from Kali Linux) on an Apache web server (with ModSecurity installed). I am trying to correlate two source types, one from the firewall and one from ModSecurity, so that an attack attempt from Kali Linux (the attacker) will automatically trigger an alert. I would like to understand whether it is possible to achieve this correlation event alert without Splunk Enterprise Security.
Your help is very much appreciated.
Thanks.
Regards,
Kenneth