Deploying Splunk Universal Forwarders via GPO

When you want to collect security event data from your Windows endpoints, there are many ways to achieve that objective. Here I am going to outline how to deploy the Splunk Universal Forwarder (UF) using a Group Policy Object (GPO). From there, you can configure the agents using a deployment server to ship the logs …

Replacing the Default Splunk Web SSL Certificate

This post goes over how to sign a Splunk Web Certificate Signing Request (CSR) using my Root CA in pfSense. I do not cover creating the Root CA.

Step 1: Create the directory for the certificates

Step 2: Generate the private key and temporary password

Step 3: Remove the password from the private key …

Tracking SSH Brute-force Logins with Splunk

If you manage servers with OpenSSH access, you have no doubt been subject to the barrage of SSH brute-force attempts that occur across the internet. Some administrators deal with this by changing the default port (security by obscurity), requiring public-key authentication, threshold blocking, or white-listing source IP addresses, among other things. AWS has security …

Running an Authoritative DNS Server

I have been running my own Domain Name Server for several years. Some people argue the merits of doing such a thing when you can just put it in the "cloud", but I enjoy managing DNS with all the flexibility and enrichment it brings. I run BIND version 9 in a FreeBSD Jail and it …