Key benefit of this paper is to provide solution to reduce the time gap between the attacker to compromise the organization and organization to detect it has been compromised. It can be done through real time monitoring the organization data activities. These activities can be from the network assets such as firewall, servers, active directory, IPS, IDS, etc. Studies show that on an average this time gap will be 4 to 6 months, by this time the attacker would have caused severe potential damage to the enterprise which might bring us huge financial loss, confidential data might be breached. To Proactively protect enterprises from such threats It is necessary to have a security operational center which helps organization in real-time monitoring and proactive analysis.

Splunk, system logs, correlation, CSV-comma separated values

[1]K.SANKARI,R.LAVANYA,S.AMALAGRACY “Real Time Monitoring System Using Splunk” IJCSMC, Vol. 4, Issue. 3, March 2015, pg.434 – 441, pp. ISSN 2320–088X
[2] KAVITA AGRAWAL1, READER HEMANT MAKWANA “Data Analysis and Reporting using
Different Log Management Tools” IJCSMC, Vol. 4, Issue. 7, July 2015, pg.224 – 229 pp. ISSN 2320–088X
[3]Harikrishnan V N, Gireesh Kumar T “Advanced Persistent Threat Analysis using
Splunk” Volume 118 No. 20 2018, 3761-3768
[4] Aron Warren “Setting up Splunk for Event Correlation in Your Home Lab” Accepted : SANS Institute Information Security Reading Room on November 19th 2013 ((GCIA) Gold Certification).
[5] Igino Corona, Giorgio Giacinto “Detection of Server-side Web Attacks” JMLR: Workshop and Conference Proceedings 11 (2010) 160–166.
[6] William Geiger “Proactively Guarding Against Unknown Web Server Attacks” Accepted: SANS Institute Information Security Reading Room on 2001.
[7] Kavita Agrawal, Hemant Makwana “A Study on Critical Capabilities for Security Information and Event Management” International Journal of Science and Research (IJSR) ISSN (Online): 2319-7064 Index Copernicus Value (2013): 6.14 | Impact Factor (2013): 4.438.
[8] S.Padmaja , Dr.Ananthi Sheshasaayee “Web Server Logs To Analyzing User Behavior Using Log Analyzer Tool” International Journal of Advance Research In Science And Engineering http://www.ijarse.com IJARSE, Vol. No.3, Special Issue (01), September 2014 ISSN-2319-8354(E).
[9] Varsha R Mouli, KP Jevitha “Web Services Attacks and Security- A Systematic Literature Review” 6th International Conference On Advances In Computing & Communications, ICACC 2016, 6-8 September 2016, Cochin, India.
[10] L.K. Joshila Grace, V.Maheswari, Dhinaharan Nagamalai “Analysis Of Web Logs And Web User In Web Mining ” International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.1, January 2011.