Network proxies serve several roles in IT infrastructure: web application accelerators and intelligent traffic direction, application-level firewalls, and content filters. Acting as an intermediary (often a transparent "bump-in-the-wire"), a proxy terminates the client's connection and sees traffic up to the application layer (Layer 7), which lets it apply application-specific traffic management and security policies. For HTTPS, that visibility extends to the request content only if the proxy performs TLS interception; otherwise it sees just the CONNECT target host and port. Web proxies and some next-generation firewalls operate in transparent or explicit mode, communicating with HTTP(S) servers on behalf of the client. In the Splunk Common Information Model (CIM), proxy data is typically mapped to the Web data model.
Proxy logs provide information about incoming requests and how traffic is distributed among available resources. Proxy records identify details about specific content traversing network control points, including file names and types, source and destination, and metadata about the requesting client such as OS signature, application, and username or ID (depending on the proxy implementation and whether it enforces authentication). The data can also be used to detect command-and-control traffic, traffic to known-malicious domains, and traffic to previously unseen domains.
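As an added example (not Splunk's, the add-on's, or this page's own code), the following Python script parses Squid native access.log lines, maps each to CIM Web data model field names (src, dest, dest_port, url, http_method, status, bytes_out, user, action, http_content_type), and then runs two of the detections mentioned above over the normalized events: command-and-control beaconing, detected as near-constant request intervals between one client and one destination, and traffic to domains absent from a baseline. The log lines and the baseline are constructed; in a real deployment the Splunk Add-on for Squid Proxy performs the CIM mapping, and the thresholds min_hits and max_cv are assumptions to tune per environment.

```python
"""Added example: parse Squid native access.log lines, map each to Splunk CIM
Web data model fields, then run two detections over the normalized events:
(1) C2 beaconing by inter-request regularity, (2) traffic to domains not in a
baseline. The log lines are constructed for illustration, not captured."""
import re
import statistics
from collections import defaultdict
from urllib.parse import urlsplit

# Squid native access.log layout (one line per request):
#   time elapsed client cache_result/status bytes method url user hierarchy/peer mime
SQUID_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<src>\S+)\s+"
    r"(?P<cache>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\S+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)


def parse_squid(line):
    """Return a dict of CIM Web fields for one access.log line, or None if it does not parse."""
    m = SQUID_RE.match(line.strip())
    if not m:
        return None
    url = m["url"]
    if m["method"] == "CONNECT":
        # CONNECT carries only host:port; without TLS interception the proxy
        # never sees the tunnelled request, so dest is all we can extract.
        host, _, port = url.partition(":")
        dest, dest_port = host, int(port or 443)
    else:
        parts = urlsplit(url)
        dest = parts.hostname or ""
        dest_port = parts.port or (443 if parts.scheme == "https" else 80)
    return {
        "_time": float(m["ts"]),
        "src": m["src"],
        "dest": dest,
        "dest_port": dest_port,
        "url": url,
        "http_method": m["method"],
        "status": int(m["status"]),
        "bytes_out": int(m["bytes"]),  # Squid logs bytes delivered to the client
        "user": None if m["user"] == "-" else m["user"],
        "http_content_type": None if m["mime"] == "-" else m["mime"],
        # TCP_DENIED is Squid's ACL rejection; everything else passed proxy policy
        "action": "blocked" if m["cache"] == "TCP_DENIED" else "allowed",
    }


def find_beacons(events, min_hits=6, max_cv=0.15):
    """Flag (src, dest) pairs whose inter-request gaps are near-constant.
    A low coefficient of variation (stdev/mean) over enough hits is the classic
    shape of an implant calling home on a timer; thresholds are assumptions."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dest"])].append(e["_time"])
    hits = []
    for (src, dest), times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv <= max_cv:
            hits.append({"src": src, "dest": dest, "count": len(times),
                         "period_s": round(mean, 1), "cv": round(cv, 3)})
    return hits


def unseen_domains(events, baseline):
    """Return dest hosts not present in a baseline of previously observed domains."""
    return sorted({e["dest"] for e in events if e["dest"] not in baseline})


def analyze(raw_log, baseline):
    events = [e for e in (parse_squid(l) for l in raw_log.splitlines()) if e]
    return events, find_beacons(events), unseen_domains(events, baseline)


# Constructed sample: 10.0.0.5 POSTs to update.example every ~60 s (0-2 s jitter);
# 10.0.0.7 browses normally, hits one ACL denial, and one line is garbage.
SAMPLE_LOG = "\n".join(
    [f"{1700000000 + 60 * i + (i % 3)}.000    210 10.0.0.5 TCP_MISS/200 612 POST "
     f"http://update.example/api/ping - HIER_DIRECT/203.0.113.10 application/json"
     for i in range(8)]
    + [
        "1700000005.000    120 10.0.0.7 TCP_HIT/200 5432 GET http://www.example.com/index.html jdoe HIER_NONE/- text/html",
        "1700000071.000     50 10.0.0.7 TCP_TUNNEL/200 34567 CONNECT mail.example.com:443 jdoe HIER_DIRECT/198.51.100.4 -",
        "1700000190.000      2 10.0.0.7 TCP_DENIED/403 3800 GET http://blocked.example/tool.exe jdoe HIER_NONE/- text/html",
        "1700000333.000     80 10.0.0.7 TCP_MISS/200 9800 GET http://www.example.com/news/ jdoe HIER_DIRECT/93.184.216.34 text/html",
        "1700000350.000     60 10.0.0.7 TCP_MISS/200 300 GET http://www.example.com/a.js jdoe HIER_DIRECT/93.184.216.34 application/javascript",
        "1700000360.000     60 10.0.0.7 TCP_MISS/200 300 GET http://www.example.com/b.js jdoe HIER_DIRECT/93.184.216.34 application/javascript",
        "1700000361.000     60 10.0.0.7 TCP_MISS/200 300 GET http://www.example.com/c.js jdoe HIER_DIRECT/93.184.216.34 application/javascript",
        "1700000900.000     60 10.0.0.7 TCP_MISS/200 300 GET http://www.example.com/d.js jdoe HIER_DIRECT/93.184.216.34 application/javascript",
        "this line is garbage and should be skipped",
    ]
)
KNOWN_DOMAINS = {"www.example.com", "mail.example.com"}  # constructed baseline

if __name__ == "__main__":
    events, beacons, new = analyze(SAMPLE_LOG, KNOWN_DOMAINS)
    print(f"{len(events)} events parsed")
    for b in beacons:
        print("beacon candidate:", b)
    print("domains not in baseline:", new)
```

Run as a script it reports the 10.0.0.5 to update.example pair as a beacon candidate and lists blocked.example and update.example as outside the baseline. The beaconing check relies only on timing, so it works equally for plain HTTP and for CONNECT tunnels where the proxy cannot see the request body; the same logic is what a scheduled Splunk search would express with stats over _time per src/dest pair.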
When your Splunk deployment is ingesting proxy data, you can use it for security, compliance, and IT operations use cases such as the following:
- Monitoring employee network traffic
- Complying with the General Data Protection Regulation (GDPR)
- Reconstructing a website defacement
- Detecting Tor traffic
- Monitoring for network traffic volume outliers
- Detecting network and port scanning
- Managing firewall rules
- Detecting the use of randomization in cyberattacks
- Managing web server performance
- Monitoring web application performance
Guidance for onboarding data can be found in the Splunk Documentation, Getting Data In (Splunk Enterprise) or Getting Data In (Splunk Cloud). In addition, these Splunk add-ons and apps are helpful for working with proxy data:
- Fortinet FortiGate Add-On for Splunk
- Splunk Add-on for Juniper
- Splunk Add-on for Symantec Blue Coat ProxySG
- Palo Alto Networks Add-on for Splunk
- Splunk Add-on for NGINX
- Splunk Add-on for Squid Proxy
Looking for more information on data types? Download the Splunk Essential Guide to Machine Data.