Network proxies are used in several ways in IT infrastructure: as web application accelerators, for intelligent traffic direction, as application-level firewalls, and as content filters. By acting as a transparent ‘bump-in-the-wire’ intermediary, proxies see the entire Layer 7 network protocol stack, which allows them to implement application-specific traffic management and security policies. Web proxies and some next-generation firewalls may act in a transparent or explicit mode, communicating with HTTP(S) servers on behalf of a client.
Proxy logs can provide information about incoming requests and traffic distribution among available resources. Proxy records can identify details about specific content traversing network control points including file names, types, source and destination, and metadata about the requesting client such as OS signature, application, and username/ID (depending on the proxy implementation). The data can also be used to help detect command and control traffic, malicious domain traffic, and unknown domain traffic. In the Common Information Model, proxy data is typically mapped to the Web data model.
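The unknown-domain use case above can be sketched over raw proxy records. This is an added example, not code from Splunk or any add-on: it assumes Squid's native access.log field order, and the sample log lines, the `KNOWN_DOMAINS` baseline and all function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# time elapsed client action/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101    120 10.0.0.5 TCP_MISS/200 5120 GET http://intranet.example.com/home alice HIER_DIRECT/192.0.2.10 text/html
1700000060.300     95 10.0.0.7 TCP_TUNNEL/200 830 CONNECT updates.example.net:443 bob HIER_DIRECT/192.0.2.20 -
1700000100.000     80 10.0.0.9 TCP_MISS/200 412 POST http://cdn-sync.example.org/api/ping - HIER_DIRECT/198.51.100.7 text/plain
1700000400.000     82 10.0.0.9 TCP_MISS/200 410 POST http://cdn-sync.example.org/api/ping - HIER_DIRECT/198.51.100.7 text/plain
1700000700.000     79 10.0.0.9 TCP_MISS/200 415 POST http://cdn-sync.example.org/api/ping - HIER_DIRECT/198.51.100.7 text/plain
this line is truncated
"""

KNOWN_DOMAINS = {"example.com", "example.net"}  # constructed baseline of expected domains


def dest_host(method, url):
    """Return the lower-cased destination host; CONNECT lines carry host:port, not a URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()


def is_known(host, known):
    """True if host equals a baseline domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in known)


def unknown_destinations(log_text, known=KNOWN_DOMAINS):
    """Summarise requests to hosts outside the baseline, keyed by destination host."""
    summary = defaultdict(lambda: {"requests": 0, "clients": set(), "users": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:  # skip malformed or truncated records
            continue
        client, method, url, user = fields[2], fields[5], fields[6], fields[7]
        host = dest_host(method, url)
        if not host or is_known(host, known):
            continue
        entry = summary[host]
        entry["requests"] += 1
        entry["clients"].add(client)
        if user != "-":  # "-" means the proxy recorded no authenticated user
            entry["users"].add(user)
    return dict(summary)
```

The per-host request count, client set and user set are the same fields an analyst would pivot on once the data is mapped to the Web data model.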
Guidance for onboarding data can be found in the Splunk Documentation, Getting Data In (Splunk Enterprise) or Getting Data In (Splunk Cloud). In addition, these Splunk Add-Ons and Apps are helpful for working with proxy data:
- Fortinet FortiGate Add-On for Splunk
- Splunk Add-on for Juniper
- Splunk Add-on for Symantec Blue Coat ProxySG
- Palo Alto Networks Add-on for Splunk
- Splunk Add-on for NGINX
- Splunk Add-on for Squid Proxy