This project aims to establish a robust and scalable centralized log management infrastructure using various technologies. By deploying log collection agents across endpoints, firewalls, and IDS/IPS devices, we will efficiently collect and aggregate security and operational logs. This centralized repository will enable comprehensive analysis, threat detection, compliance reporting, and incident response.
- Deploy Active Directory, Splunk Server and Universal Forwarders on relevant systems.
- Configure Universal Forwarders to collect logs from endpoints, firewalls, IDS/IPS, and other sources.
- Utilize Splunk's Search Processing Language (SPL) to analyze logs, identify patterns, and detect anomalies.
- Create custom alerts and dashboards to proactively respond to security incidents.
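The steps above end with alerting on patterns found in the collected logs. As an added example that is not part of this project, the following Python script shows the kind of detection logic such an alert expresses (count failed logons per source inside a time window and flag sources that cross a threshold), run offline over a few constructed Windows Security events. The simplified `timestamp key=value` record format, the field names (`EventCode`, `src`, `user`, `host`) and the sample values are assumptions made for this example; a real deployment would express the same logic as a scheduled SPL search over the forwarded events.

```python
"""Added example (not part of the project): failed-logon burst detection.

Mirrors the logic of a Splunk alert that counts EventCode 4625 per source
over a time window and fires above a threshold, but runs offline so the
thresholding behaviour can be checked without a Splunk instance.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified "timestamp key=value ..." form.
# Field names, hosts, users and addresses are invented for this example.
SAMPLE_EVENTS = [
    "2024-05-01T10:00:01Z EventCode=4625 src=10.0.0.5 user=alice host=DC01",
    "2024-05-01T10:00:03Z EventCode=4625 src=10.0.0.5 user=alice host=DC01",
    "2024-05-01T10:00:05Z EventCode=4625 src=10.0.0.5 user=bob host=DC01",
    "2024-05-01T10:00:08Z EventCode=4625 src=10.0.0.5 user=carol host=DC01",
    "2024-05-01T10:00:09Z EventCode=4625 src=10.0.0.5 user=dave host=DC01",
    "2024-05-01T10:00:12Z EventCode=4624 src=10.0.0.5 user=alice host=DC01",
    "2024-05-01T10:01:00Z EventCode=4625 src=10.0.0.9 user=erin host=DC01",
    "2024-05-01T10:30:00Z EventCode=4625 src=10.0.0.9 user=erin host=DC01",
]


def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict; '_time' is a datetime."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["_time"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def failed_logon_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {src: {"count": n, "users": d}} for every source that produced at
    least `threshold` failed logons (EventCode 4625) inside some sliding window
    of length `window`. `count` is the largest such window's event count and
    `users` the number of distinct accounts in it (many users from one source
    suggests spraying rather than a single-account brute force)."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventCode") == "4625":
            by_src[ev["src"]].append((ev["_time"], ev.get("user", "")))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until the window fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and count > alerts.get(src, {}).get("count", 0):
                users = {user for _, user in events[start:end + 1]}
                alerts[src] = {"count": count, "users": len(users)}
    return alerts


if __name__ == "__main__":
    for src, info in failed_logon_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {src}: {info['count']} failed logons, {info['users']} distinct users")
```

With the defaults, only `10.0.0.5` trips the alert (five failures in eleven seconds across four accounts); `10.0.0.9` has two failures half an hour apart and stays quiet until the window is widened or the threshold lowered.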