Below you will find pages that utilize the taxonomy term “Splunk”
Geo Impossible Logins: Detecting Credential Theft in Splunk
Earlier this year I attended the Educause Security Professional Conference in St. Louis. I went to a session at which Nick Hannon from Swarthmore College explained how Splunk could combine MaxMind GeoIP data with authentication logs to detect credential theft by looking for geo impossible logins. I couldn’t find an exact tutorial online, so this is my execution of his idea. I based much of the …
see the full story
Mapping CAS Logins with Splunk
The first log that I wanted to parse with our new Splunk Enterprise system was catalina.out log from our CAS server. CAS, or Central Authentication Server, is a web-based, federated, single sign-on service available at http://www.jasig.org/cas/. We use it for, among other things, our authentication for Google Apps for Education.
This post contains affiliate links, which means I may receive a small …
see the full story
Finding Popular CAS Services with Splunk: A Complete Guide
Understanding CAS and Its Importance Central Authentication Service (CAS) is widely used in enterprises and educational institutions to provide single sign-on (SSO) authentication. Tracking which CAS services are most frequently accessed can offer valuable insights into user behavior, application usage, and potential security concerns.
Splunk is a powerful tool that can analyze authentication logs …
see the full story