Splunk Lantern

Proxy data

Network proxies serve several roles in IT infrastructure: web application acceleration and intelligent traffic direction, application-level firewalling, and content filtering. By acting as a transparent ‘bump-in-the-wire’ intermediary, proxies see the entire Layer 7 network protocol stack, which allows them to implement application-specific traffic management and security policies. Web proxies and some next-generation firewalls can operate in transparent or explicit mode, communicating with HTTP(S) servers on behalf of a client. In the Common Information Model, proxy data is typically mapped to the Web data model.

Visibility

Proxy logs can provide information about incoming requests and traffic distribution among available resources. Proxy records can identify details about specific content traversing network control points including file names, types, source and destination, and metadata about the requesting client such as OS signature, application, and username/ID (depending on the proxy implementation). The data can also be used to help detect command and control traffic, malicious domain traffic, and unknown domain traffic.
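The detection uses named above, as an added example that is not part of the original article or Splunk's own code: it parses constructed proxy records, lists destinations absent from a known-domain baseline, and flags client/destination pairs whose requests arrive at near-constant intervals, a pattern typical of command and control check-ins. The field names `src`, `dest` and `user` follow the CIM Web data model; the key=value log layout, the baseline list and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy records (not real traffic); layout is an assumption.
SAMPLE_LOG = """\
time=2024-05-01T10:00:00 src=10.0.0.5 user=alice dest=intranet.example.com
time=2024-05-01T10:00:00 src=10.0.0.9 user=bob dest=cdn-sync.example.net
time=2024-05-01T10:01:10 src=10.0.0.5 user=alice dest=intranet.example.com
time=2024-05-01T10:03:00 src=10.0.0.5 user=alice dest=news.example.org
time=2024-05-01T10:05:01 src=10.0.0.9 user=bob dest=cdn-sync.example.net
time=2024-05-01T10:07:45 src=10.0.0.5 user=alice dest=intranet.example.com
time=2024-05-01T10:08:02 src=10.0.0.5 user=alice dest=intranet.example.com
time=2024-05-01T10:10:00 src=10.0.0.9 user=bob dest=cdn-sync.example.net
time=2024-05-01T10:15:02 src=10.0.0.9 user=bob dest=cdn-sync.example.net
time=2024-05-01T10:20:00 src=10.0.0.9 user=bob dest=cdn-sync.example.net
"""

KNOWN_DOMAINS = {"intranet.example.com", "updates.example.com"}  # assumed baseline

def parse(log):
    """Turn key=value proxy lines into dicts, ordered by request time."""
    events = []
    for line in log.strip().splitlines():
        ev = dict(pair.split("=", 1) for pair in line.split())
        ev["time"] = datetime.fromisoformat(ev["time"])
        events.append(ev)
    return sorted(events, key=lambda e: e["time"])

def unknown_domains(events, baseline):
    """Map each destination missing from the baseline to the clients that reached it."""
    hits = defaultdict(set)
    for ev in events:
        if ev["dest"] not in baseline:
            hits[ev["dest"]].add(ev["src"])
    return dict(hits)

def beacon_candidates(events, min_hits=4, max_cv=0.1):
    """(src, dest) pairs whose gaps between requests barely vary (low coefficient of variation)."""
    times = defaultdict(list)
    for ev in events:
        times[(ev["src"], ev["dest"])].append(ev["time"])
    out = []
    for pair, ts in sorted(times.items()):
        if len(ts) >= min_hits:
            gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
            if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
                out.append(pair)
    return out
```

A pair that appears in both results, here `10.0.0.9` talking to `cdn-sync.example.net` roughly every 300 seconds, is the one to triage first; regular polling by legitimate software will also match, so the baseline needs to cover known updaters and telemetry endpoints.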

Sources

Guidance for onboarding data can be found in the Splunk Documentation, Getting Data In (Splunk Enterprise) or Getting Data In (Splunk Cloud). In addition, these Splunk Add-Ons and Apps are helpful for working with proxy data.

Looking for more information on data types? Download the Splunk Essential Guide to Machine Data.
