Splunk How-To: Creating a Custom Threat Map in Splunk

Published On: October 20th, 2014

* Deprecation Warning: Please be aware that this tutorial will not work on Splunk 6 and above.

The following screencasts show you how to build a custom threat map in Splunk using Splunk’s built-in Google Map features. Those features are then customized to add skull icons that change size and color depending on how many times a specific IP address hits the firewall.

UFW logs are used for these examples, but feel free to use whatever you want as long as you can pull latitude and longitude data from your search. It is HIGHLY recommended that you be semi-proficient at Splunk searching and have some understanding of JavaScript in order to follow along easily.
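
As an added illustration (not code from the screencasts or from Hurricane Labs), the per-IP hit counting and icon scaling described above can be sketched in plain JavaScript, independent of any Splunk API. The log lines, coordinates, thresholds, colors and sizes below are all constructed assumptions.

```javascript
// Constructed sample data: UFW-style lines using documentation IP ranges.
const ufwLine = (src, action = "BLOCK") =>
  `Oct 20 10:01:02 fw kernel: [UFW ${action}] IN=eth0 OUT= SRC=${src} DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=22`;
const SAMPLE_LOG = [
  ...Array(12).fill(ufwLine("203.0.113.7")),
  ...Array(3).fill(ufwLine("198.51.100.23")),
  ufwLine("198.51.100.23", "ALLOW"), // allowed traffic is not a "hit"
  ufwLine("192.0.2.99"),             // blocked, but has no coordinates below
];
// Constructed lat/lon per IP; in practice this comes from your search results.
const SAMPLE_GEO = {
  "203.0.113.7": { lat: 52.52, lon: 13.4 },
  "198.51.100.23": { lat: 35.68, lon: 139.69 },
};

// Count blocked packets per source IP.
function countBlockedBySource(lines) {
  const counts = new Map();
  for (const line of lines) {
    if (!line.includes("[UFW BLOCK]")) continue;
    const m = /\bSRC=(\S+)/.exec(line);
    if (m) counts.set(m[1], (counts.get(m[1]) || 0) + 1);
  }
  return counts;
}

// Assumed tiers (highest first): more hits means a bigger, "hotter" icon.
const TIERS = [
  { min: 10, color: "red", size: 48 },
  { min: 3, color: "orange", size: 32 },
  { min: 1, color: "yellow", size: 20 },
];
function markerStyle(hits) {
  const tier = TIERS.find((t) => hits >= t.min);
  return tier ? { color: tier.color, size: tier.size } : null;
}

// Join counts with coordinates; IPs without lat/lon cannot be plotted.
function buildMarkers(lines, geo) {
  const markers = [];
  for (const [ip, hits] of countBlockedBySource(lines)) {
    const loc = geo[ip];
    if (!loc) continue;
    markers.push({ ip, hits, lat: loc.lat, lon: loc.lon, ...markerStyle(hits) });
  }
  return markers.sort((a, b) => b.hits - a.hits);
}

console.log(buildMarkers(SAMPLE_LOG, SAMPLE_GEO));
```

Each resulting object carries what a map marker needs: a position, plus the icon size and color for that IP's hit count.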

Part 1

Part 2

Part 3


About Hurricane Labs

Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.

For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.
