Thread regarding Dell Inc. layoffs

Splunk data

Someone mentioned a few days ago about being able to see site visit data in Splunk. Anyone know how that is done? What Splunk is that? What's the index?


1583 views | 14 replies (last February 10)
Post ID: @OP+1kgqf5bg8

14 replies (most recent on top)

You have to be a very special type of buffoon to use your corporate device for scrolling adult sites

Post ID: @z9+1kgqf5bg8

@d9 Powerful, no. All knowing, yes.

I'm just saying that that is what Splunk can do buddy... But for the record I was asked by a VP last year to pull logs for a specific user and let's just say that person was fired. Currently there is a user who enjoys - for some weird reason - utilizing their company issued computer to browse adult sites and etc... Or at least attempting to anyways, and let's just say that person is under heavy review at the moment.

Powerful, no. But don't think for a second that we can't see EVERY SINGLE site you go to if we choose to ;)

Post ID: @xt+1kgqf5bg8

Depends what Splunk you are talking about as there are many variations of it.

IT Splunk won't show anything other than whatever apps are tied to it and that Splunk instance is told to ingest.

I'm sure there is an instance of Splunk for nearly every department/org but...

SRO Splunk is capable of seeing VPN logs, meaning it logs the millisecond you connect, disconnect, and from where you connect (source IP). Since we have "always-on VPN," your computer will ALWAYS be connected to the VPN unless you either turn it off or move to a new wifi location, in which case it will disconnect then reconnect the moment internet is available again.

Post ID: @xs+1kgqf5bg8

@dk Correct, but assuming OP is referring to a comment I made on a different post, which was in regard to tracking in office time...

SRO happens to control the VPNs. SRO Splunk captures VPN logs which include time spent in office, users connected, user disconnect times, where users connected from, time connected to VPN, etc...

Who cares about IT Splunk lol. Management won't be using, nor care about any other Splunk query other than the VPN query.

I hope to god they never do care about it but, time will tell...

Post ID: @xr+1kgqf5bg8

@OP you're a genius can you get logs from our SIEM that would be great, so much logs, I can read through the logs, get the insights and put the data into my data lake. Oh the logs then would be fed into AI Factory for me to train the model and make it Agentic with chat bots. You're so smart doing so much with the logs!

Post ID: @jg+1kgqf5bg8

It's the SRO instance of Splunk, not the regular IT one that all the regular applications consume.

Post ID: @dk+1kgqf5bg8

@be wow, you must feel powerful

Post ID: @d9+1kgqf5bg8

@b1 Oh just shut up. I was the one who made the comment in a different post OP is referring to. OP is just wanting more info on the matter...

But since you are probably too cool and feel invulnerable, we can literally see when you connect to VPN, when you disconnect, what websites you go to and how often, if you watch movies, stream music, go to YouTube and put on a 100 hour video to keep your status "available."

We can see what ISP - internet service provider - you use when you are on VPN at home. We can see it all. I unknowingly helped get someone fired last year because a VP asked for some logs and well... I gave them.

Post ID: @be+1kgqf5bg8

@b8 Execs likely don't even have the permissions to view Splunk logs but obviously they can request reports of those logs. Maybe a certain few do; I actually have no idea but from a security perspective I highly doubt any of them do have access to Splunk.

Regardless yes, we (as in those who are privy to Splunk) can absolutely pull up a query of everybody's in-office time versus out-of-office time.

Post ID: @b9+1kgqf5bg8

Yes, Splunk can and does ingest/log VPN usage which includes IP addresses, time logged in, time logged out, etc...

It is tracked via your source IP essentially. If your source IP isn't a DELL IP address then you are NOT at the office. So yes we can tell where you are connected to VPN from, and for how long...

A Splunk index is just a database that stores a TON of logs but organized by the type of logs.

Can you see this? No. Can I? Yes.

Post ID: @b8+1kgqf5bg8

@OP

Please stop posting. You are embarrassing yourself.

Post ID: @b1+1kgqf5bg8

Do you have a ServiceNow ticket #?
We can't help you without this…

Post ID: @at+1kgqf5bg8

Might get a better answer here…

Post ID: @ab+1kgqf5bg8

So now we're an IT site. Get the f out of here.

Post ID: @a2+1kgqf5bg8
