Solved: CyberX Integration with Splunk

newsplunker1 · ‎02-19-2020

Hello,

Did anyone integrate CyberX with Splunk ? If so what did you have to configure or what info you provided to CyberX to get it to work ?I I checked the CyberX app for more details but i could not find any thing related to how they are sending the data to Splunk ( Via syslog , UF , API....?),

Thanks

newsplunker1 · ‎02-21-2020

I figured it out .......basically you will need to configure the forwarding from cyberX console (web interface) then in the host name , you ll be using the HF or whatever splunk server you re using to receive the data , the port number is 8089 (mngt port ) . You also need to setup a service account and a role with the following access ( splunktcp,splunktcp_ssl , token,tcp,http).

View solution in original post

newsplunker1 · ‎02-21-2020

I figured it out .......basically you will need to configure the forwarding from cyberX console (web interface) then in the host name , you ll be using the HF or whatever splunk server you re using to receive the data , the port number is 8089 (mngt port ) . You also need to setup a service account and a role with the following access ( splunktcp,splunktcp_ssl , token,tcp,http).

CyberX Integration with Splunk

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability for AI

Are you a member of the Splunk Community?

CyberX Integration with Splunk

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Splunk Observability for AI