
Splunk Lantern

Proxy data
Network proxies are used in several ways in IT infrastructure: as web application accelerators, as intelligent traffic direction, as application-level firewalls, and as content filters. By acting as a transparent "bump-in-the-wire" intermediary, a proxy sees the entire Layer 7 network protocol stack, which allows it to implement application-specific traffic management and security policies. Web proxies and some next-generation firewalls may act in transparent or explicit mode, communicating with HTTP(S) servers on behalf of a client.

Proxy logs can provide information about incoming requests and how traffic is distributed among available resources. Proxy records can identify details about specific content traversing network control points, including file names, file types, source and destination, and metadata about the requesting client such as OS signature, application, and username/ID (depending on the proxy implementation). The data can also be used to help detect command and control traffic, malicious domain traffic, and unknown domain traffic. In the Common Information Model, proxy data is typically mapped to the Web data model.
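As an added illustration of the three detection uses named above (unknown domain traffic, command-and-control check-ins, and content details such as outbound transfer size), the following Python is example code written for this page, not Splunk code or a Lantern search. It assumes a constructed space-delimited proxy log layout (timestamp, source, user, method, URL, status, bytes out, user agent), maps each record onto CIM Web-style field names (src, dest, url, user, http_method, status, bytes_out, http_user_agent), and uses an assumed baseline set of known domains and assumed thresholds; the sample log lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample proxy records in an assumed space-delimited layout:
# timestamp src user method url status bytes_out user_agent
# (this layout is an assumption for the example, not any vendor's format).
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.1.1.5 alice GET https://intranet.example.com/home 200 1532 Mozilla/5.0
2024-05-01T09:00:05 10.1.1.5 alice GET https://cdn.example.com/app.js 200 88210 Mozilla/5.0
2024-05-01T09:00:00 10.1.1.9 bob GET http://update-check.example.net/ping 200 312 curl/8.0
2024-05-01T09:01:00 10.1.1.9 bob GET http://update-check.example.net/ping 200 312 curl/8.0
2024-05-01T09:02:00 10.1.1.9 bob GET http://update-check.example.net/ping 200 312 curl/8.0
2024-05-01T09:03:00 10.1.1.9 bob GET http://update-check.example.net/ping 200 312 curl/8.0
2024-05-01T09:04:00 10.1.1.9 bob GET http://update-check.example.net/ping 200 312 curl/8.0
2024-05-01T09:02:30 10.1.1.5 alice GET https://intranet.example.com/reports 200 4410 Mozilla/5.0
2024-05-01T09:05:12 10.1.1.7 carol POST https://files.example.org/upload 200 2048000 Mozilla/5.0
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d+) (\d+) (.+)$")


def parse_events(text):
    """Parse the constructed layout into dicts keyed by CIM Web-style names
    (src, user, http_method, url, dest, status, bytes_out, http_user_agent)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip a malformed line rather than abort the whole batch
        ts, src, user, method, url, status, bytes_out, ua = m.groups()
        events.append({
            "_time": datetime.fromisoformat(ts),
            "src": src, "user": user, "http_method": method, "url": url,
            "dest": urlsplit(url).hostname or "",
            "status": int(status), "bytes_out": int(bytes_out),
            "http_user_agent": ua,
        })
    return events


def unknown_domains(events, known):
    """Destinations absent from a baseline of previously seen domains
    (the 'unknown domain traffic' use). `known` is an assumed baseline set."""
    return sorted({e["dest"] for e in events if e["dest"] not in known})


def beacon_candidates(events, min_hits=4, max_jitter=0.1):
    """Flag (src, dest) pairs with at least min_hits requests at near-constant
    intervals, a common signature of command-and-control check-ins.
    Returns (src, dest, average_gap_seconds) tuples."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dest"])].append(e["_time"])
    hits = []
    for (src, dest), times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # low relative spread of the inter-request gaps means a regular cadence
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dest, round(avg, 1)))
    return hits


def large_uploads(events, threshold):
    """Outbound transfers above an assumed byte threshold, using the
    bytes_out and url fields carried in the proxy record."""
    return [(e["user"], e["url"], e["bytes_out"])
            for e in events if e["bytes_out"] > threshold]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    baseline = {"intranet.example.com", "cdn.example.com"}  # assumed baseline
    print("unknown domains:", unknown_domains(evs, baseline))
    print("beacon candidates:", beacon_candidates(evs))
    print("large uploads:", large_uploads(evs, 1_000_000))
```

In production the same three checks are normally run as searches over the Web data model rather than in a script; the point here is which normalized fields each detection depends on, so that the proxy's field extractions can be checked against them before building alerts.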

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: 

Use cases for Splunk security products