Monitoring Network Connections

  • Amazon EKS Kubernetes cluster scan detection
  • Amazon EKS Kubernetes pod scan detection
  • Authentication logs for an endpoint
  • Azure Kubernetes pod scan fingerprinting
  • Azure Kubernetes scan fingerprinting
  • Blocked traffic from host
  • Blocked traffic to host
  • Changes in DNS record type queries
  • Communication over unsecured UDP
  • GCP Kubernetes cluster scan detection
  • Increases in DNS packet size and volume
  • Network traffic patterns between a source-destination pair
  • Number of connections between unique source-destination pairs
  • Percentage of total bytes out from a source to a single destination
  • Rarely used firewall rules
  • Requests to a large number of subdomains
  • Signs of beaconing activity
  • Spikes in volume of DNS queries
  • Total bytes out from source IP addresses
  • Volume of traffic between source-destination pairs