Does the Technology Add-on for RSA SecurID support...

nychawk · ‎09-10-2015

Hello;

I've just installed "Technology Add-on for RSA SecurID" https://splunkbase.splunk.com/app/2872 on my syslog server (running a Universal Forwarder, that is pulling RSA logs from /var/adm/message, a to-do is to stuff RSA SecurID logs into a separate file). I've also installed on my indexers and search heads.

I am seeing sourcetypes:

rsa:runtime
rsa:system
rsa:admin

I was wondering if this add-on supports using the "RSA SecurID Application for Splunk" for reports (https://splunkbase.splunk.com/app/822) This app uses snmp to extract data, and I am unable to see where, or how, to alter it to use syslog instead.

Thank you,

-mi

joshd · ‎09-10-2015

Hi nychawk,

No it currently does not since the RSA app has not been updated in quite some time. I am however working on that as we speak and hope to have it updared/supported by early next week. I will post for you here when I am done.

Thanks,
Josh

casey18cc · ‎12-28-2015

Just stumbled across this as I just implemented your TA. Has there been any updates on making the TA and Splunk for RSA compatible?

Thanks,

Casey

nychawk · ‎09-10-2015

Thank you Josh, I can offer up myself to test if needed.

Regards,

-mi

Does the Technology Add-on for RSA SecurID support using the RSA SecurID Application for Splunk for reports?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation