Splunk Server
P4T12ICK edited this page Feb 20, 2020 · 2 revisions
The web UI of the Splunk Server can be accessed on port 8000.
The Splunk Server comes with the following apps pre-installed and configured:
- Enterprise Security Content Update App
- Analytics Story Execution App
- Splunk Add-on for Microsoft Windows
- Add-on for Microsoft
- Splunk Common Information Model (CIM)
- Splunk Machine Learning Toolkit
The data are stored in the following indexes:
- index=win: Windows Event Logs, Sysmon logs, PowerShell logs
- index=attack: log events from the attack simulation with Atomic Red Team and Caldera