All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can this app be used for a self-hosted Trellix instance?

PReynoldsBitsIO
Explorer
‎03-08-2024 07:44 AM

IHAC that is trying to ingest logs from their self-hosted Trellix instance.   When I try to add an account, the URL field only lists:

  • Global
  • Frankfort
  • India
  • Singapore
  • Sydney


There is no other input field to specify an actual FQDN/IP.  Am I missing something, or is this feature not present?

Labels (1)
Labels
Tags (3)
0 Karma
Reply

tscroggins
Influencer
‎03-09-2024 06:22 PM

Hi @PReynoldsBitsIO,

URL options are specified in $SPLUNK_HOME/etc/apps/Trellix_Splunk/appserver/static/js/build/globalConfig.json:

...
                        {
                            "field": "url",
                            "label": "URL",
                            "help": "Select a unique URL for this account. Refer to https://docs.trellix.com/ to get specific FQDN and Region for your account",
                            "required": true,
                            "type": "singleSelect",
                            "options": {
                                "disableSearch": true,
                                "autoCompleteFields": [
                                    {
                                        "value": "https://arevents.manage.trellix.com",
                                        "label": "Global"
                                    },
                                    {
                                        "value": "https://areventsfrk.manage.trellix.com",
                                        "label": "Frankfort"
                                    },
                                    {
                                        "value": "https://areventsind.manage.trellix.com",
                                        "label": "India"
                                    },
                                    {
                                        "value": "https://areventssgp.manage.trellix.com",
                                        "label": "Singapore"
                                    },
                                    {
                                        "value": "https://areventssyd.manage.trellix.com",
                                        "label": "Sydney"
                                    }
                                ]
                            }
                        },
...

You may be able to add custom endpoints to this file following the pattern shown, but I recommend contacting the app developer directly to confirm. You can find their email address on the contact tab of other apps they've developed: https://splunkbase.splunk.com/apps?author=lgodoy

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...