Write a complete SPLUNK notable event that will:
1) create an alert to detect when any internal device is using a DNS server other than the DNS IP provided in a Table lookup
2) send email regarding the alert with subject related to the alert msg
3) Include the source IP, source port, dest IP, dest port, rogue DNS IP/hostname in the alert and email
4) Add notable event to Security Posture Dashboard "THREAT NOTABLES"
I’m not allowed to provide you access to our production Splunk environment you will have to test your work on a 'free" Splunk instance.
[login to view URL]
Delivery date must be completed in (3) days or less
Price: $40.00 USD