This week Satisnet hosted a Qradar training day, being new to the product I attended hoping to gain a better understanding of the product. Most of the day was lead by Q1 Labs themselves, their engineer (Rob) took us through an … Read this post »

Install the NetFlow app from Splunkbase, and restart Splunk.

Ensure you allow udp/9995 on your firewall.

Use tcprewrite (http://tcpreplay.synfin.net/wiki/tcprewrite) on the pcap file (You’ll need to replace 192.168.2.180 with your splunk server IP & 00:24…59:18 with the corresponding mac address; … Read this post »