{"id":878,"date":"2022-03-06T11:17:06","date_gmt":"2022-03-06T02:17:06","guid":{"rendered":"https:\/\/rfsec.ddns.net\/db\/?p=878"},"modified":"2022-03-08T11:16:24","modified_gmt":"2022-03-08T02:16:24","slug":"splunk%e3%81%a7windos-defender%e3%81%ae%e3%83%ad%e3%82%b0%e3%82%92%e8%a7%a3%e6%9e%90","status":"publish","type":"post","link":"https:\/\/rfsec.ddns.net\/db\/?p=878","title":{"rendered":"Splunk\u3067Windos Defender\u306e\u30ed\u30b0\u3092\u89e3\u6790"},"content":{"rendered":"\n

Splunk\u3067Windows\u306e\u30a4\u30d9\u30f3\u30c8\u30ed\u30b0\u3092\u95b2\u89a7\u3067\u304d\u308b\u307e\u3067\u8a2d\u5b9a\u304c\u7d42\u308f\u3063\u3066\u3044\u308b\u3053\u3068\u3092\u524d\u63d0\uff1b<\/p>\n\n\n\n

Splunk\u306eAPP\u3000\u300cTA for Microsoft Windows Defender<\/a>\u300d\u3092Splunk\u3078\u5c0e\u5165\u3057\u3001Windows\u5074\u306eUniversalForwarder\u306einputs.conf\u306b\u6b21\u3092\u8ffd\u52a0\u3059\u308b\u3002<\/p>\n\n\n\n

[WinEventLog:\/\/Microsoft-Windows-Windows Defender\/Operational]\ndisabled = false\nblacklist = 1001, 1150, 2011, 2000, 2001, 2002, 2010<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
UniversalForwarder\u3092\u518d\u8d77\u52d5\u3059\u308b\u3068\u3001Splunk\u306e\u30b5\u30fc\u30c1\u3067\u30bd\u30fc\u30b9\u30bf\u30a4\u30d7\u3068\u3057\u3066”WinEventLog:Microsoft-Windows-Windows Defender\/Operational”\u304c\u898b\u3048\u308b\u3088\u3046\u306b\u306a\u308b\u3002<\/p>\n\n\n\n
Raspberry Pi\u3078UniversalForwarder\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/p>\n\n\n\n
\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306e\u624b\u9806: https:\/\/www.splunk.com\/ja_jp\/blog\/tips-and-tricks\/how-to-install-universal-forwarder-01.html<\/a><\/p>\n\n\n\n
Download\u306eLINK: https:\/\/www.splunk.com\/en_us\/download\/universal-forwarder.html<\/a><\/p>\n\n\n\n
\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u30b5\u30fc\u30d0\u3078\u8ee2\u9001\u3059\u308b\u305f\u3081\u306e\u8a2d\u5b9a\uff1a<\/strong><\/p>\n\n\n\n
indexer\u306e\u8a2d\u5b9a\uff08PORT 8089)<\/p>\n\n\n\n
\/opt\/splunkforwarder\/bin\/splunk add forward-server <INDEXER_IP>:<INDEXER_PORT><\/code><\/pre><\/div>\n\n\n\n
\u30e2\u30cb\u30bf\u30fc\u5bfe\u8c61\u306e\u30d5\u30a1\u30a4\u30eb\u8a2d\u5b9a<\/p>\n\n\n\n
How to install Splunk Forwarder on Ubuntu<\/a><\/p>\n\n\n\n
\u4f8b\uff1a$sudo splunk add monitor \/var\/log\/apache2\/access.log<\/p>\n\n\n\n
\u30e2\u30cb\u30bf\u30fc\u7528\u306e\u30b3\u30de\u30f3\u30c9\n[sudo] $SPLUNK_HOME\/bin\/splunk add monitor <\u53d6\u308a\u8fbc\u307f\u30d5\u30a1\u30a4\u30ebor\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30d1\u30b9> [-\u30d1\u30e9\u30e1\u30fc\u30bf \u5024]<\/code><\/pre><\/div>\n\n\n\n
OS\u306e\u8d77\u52d5\u6642\u306bsplunk\u3092\u8d77\u52d5\u3059\u308b\u8a2d\u5b9a<\/p>\n\n\n\n
\/opt\/splunkforwarder\/bin\/splunk enable boot-start<\/code><\/pre><\/div>\n","protected":false},"excerpt":{"rendered":"
Splunk\u3067Windows\u306e\u30a4\u30d9\u30f3\u30c8\u30ed\u30b0\u3092\u95b2\u89a7\u3067\u304d\u308b\u307e\u3067\u8a2d\u5b9a\u304c\u7d42\u308f\u3063\u3066\u3044\u308b\u3053\u3068\u3092\u524d\u63d0\uff1b Splunk\u306eAPP\u3000\u300cTA for Microsoft Windows Defender\u300d\u3092Splunk\u3078\u5c0e\u5165\u3057\u3001Windows […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-878","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"featured_image_src":null,"author_info":{"display_name":"mars","author_link":"https:\/\/rfsec.ddns.net\/db\/?author=1"},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/posts\/878","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=878"}],"version-history":[{"count":4,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/posts\/878\/revisions"}],"predecessor-version":[{"id":888,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=\/wp\/v2\/posts\/878\/revisions\/888"}],"wp:attachment":[{"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=878"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=878"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rfsec.ddns.net\/db\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=878"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}