Skip to main content

Managing firewall rules

  • Updated

Scenario: As a security network tools engineer, you sometimes need to make sure that firewall rules are set correctly. You can do this at the firewall interface, but if a rule affects an application you may need to check which rules, if any, are involved with certain applications. This is especially true if the network operations center (NOC) has received tickets for applications that exhibit network timeout behavior. As part of your ongoing security policy audits, you want to identify rarely used rules and decide if the rare usage is an indicator of compromise.  

How Splunk software can help

You can use Splunk software to ensure that you have rules properly configured to allow or block traffic as needed. You can also identify commonly or uncommonly used rules to optimize your firewall.

What you need 

To succeed in implementing this use case, you need the following dependencies, resources, and information.

People

The best person to implement this use case is a security tools engineer. This person might come from your team, a Splunk partner, or Splunk OnDemand Services.

Time

Managing firewall rules using Splunk software can last up to an hour or two. 

Technologies 

The following technologies, data, and integrations are useful in successfully implementing this use case: 

  • Splunk Enterprise or Splunk Cloud
  • Data sources onboarded

How to use Splunk software for this use case

You can run many searches with Splunk software to manage firewall rules. Depending on what information you have available, you might find it useful to identify some or all of the following: 

Other steps you can take

To maximize their benefit, the how-to articles linked in the previous section likely need to tie into existing processes at your organization or become new standard processes. These processes commonly impact success with this use case: 

  • Security policy audits

Related resources 

This use case is also included in the IT Essentials Learn app, which provides more information about how to implement the use case successfully in your IT maturity journey. In addition, these Splunk resources might help you understand and implement this use case:

How to assess your results

Measuring impact and benefit is critical to assessing the value of IT operations. The following are example metrics that can be useful to monitor when implementing this use case:

  • Number of firewall rule related incidents over time
  • Number of applications or users impacted by errors with rules 
  • Productivity time lost due to firewall rule related errors 

Related articles

Comments

0 comments

Please sign in to leave a comment.

The information provided in Splunk Lantern is intended for informational and educational purposes only. All information is provided in good faith, however, Splunk disclaims any and all representations and warranties, express and implied, regarding the information provided, including without limitation any warranties and representations regarding the completeness, adequacy or accuracy of the information. You agree to take full responsibility for the results arising from the use of the information provided.