Video

Splunk for Security: Expansion - Windows DNS Monitoring

Episode 4


Video Summary

In the final video of the Splunk for Security: Expansion series, the focus is on setting up Windows DNS monitoring using Splunk Stream. The process begins with navigating to the Splunk Stream app, selecting "Configuration," and then adding a new metadata stream for DNS. Key steps include naming the stream, setting up aggregation to consolidate events by source IP, and customising the fields to be included or excluded. The demonstration highlights how aggregation can combine multiple events into a single entry with additional statistical data, while the Fields page allows for detailed customisation.

The video also covers configuring filters, setting the index, and utilising "Estimate Mode" to evaluate index volume without actual data ingestion. Additionally, the "Groups" page enables specifying which forwarders should handle the DNS data. Once the stream is created, it can be reviewed and edited as needed. This setup provides a practical example applicable to various stream types, showcasing the flexibility and efficiency of Splunk Stream in managing and monitoring network traffic data.
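To make the aggregation step concrete, here is an added sketch (not taken from the video or from Splunk Stream's own code) of what consolidating DNS events by source IP does to event count and detail. The event layout, field names, 60-second interval and sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: per-query DNS events, as an unaggregated stream might emit them.
EVENTS = [
    {"time": 0,  "src_ip": "10.0.0.5", "query": "intranet.example.com", "bytes": 78},
    {"time": 4,  "src_ip": "10.0.0.5", "query": "mail.example.com", "bytes": 74},
    {"time": 9,  "src_ip": "10.0.0.9", "query": "a1b2c3.tunnel.example.net", "bytes": 212},
    {"time": 15, "src_ip": "10.0.0.9", "query": "d4e5f6.tunnel.example.net", "bytes": 215},
    {"time": 21, "src_ip": "10.0.0.9", "query": "g7h8i9.tunnel.example.net", "bytes": 209},
    {"time": 70, "src_ip": "10.0.0.5", "query": "intranet.example.com", "bytes": 78},
]


def aggregate_by_src_ip(events, interval=60):
    """Collapse events into one record per (time bucket, src_ip) with summary stats."""
    buckets = defaultdict(list)
    for ev in events:
        bucket_start = ev["time"] // interval * interval
        buckets[(bucket_start, ev["src_ip"])].append(ev)
    records = []
    for (start, src_ip), group in sorted(buckets.items()):
        records.append({
            "bucket_start": start,
            "src_ip": src_ip,
            "count": len(group),                                # events merged
            "sum_bytes": sum(e["bytes"] for e in group),        # total DNS bytes
            "distinct_queries": len({e["query"] for e in group}),
        })
    return records


def reduction(events, aggregated):
    """Fraction of events removed by aggregation (a simple event-count comparison)."""
    return 1 - len(aggregated) / len(events)


if __name__ == "__main__":
    agg = aggregate_by_src_ip(EVENTS)
    for rec in agg:
        print(rec)
    print(f"event reduction: {reduction(EVENTS, agg):.0%}")
```

The aggregated records in this sketch carry counts and byte totals per source IP but no individual query names, so any detection that needs the queried domain has to keep that field in the stream or use a non-aggregated one.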

Additional Resources

Who are Somerford?

We are a passionate group of people delivering innovation to our customers on their digital transformation journey.

Splunk Edge Hub

Effortlessly streamline the process of integrating your data with the Splunk Edge Hub.

Splunk Security Solutions

Utilise Splunk's suite of security solutions designed to provide unified and robust defence against cyber threats.

Get in Touch to Learn More

With specialist knowledge, skills and experience derived from supporting a broad range of FTSE 100, FTSE 250 and smaller companies, Somerford Associates have a strong reputation for enabling digital transformation at scale, at pace and in budget.