
Integrating Splunk with Intellitrust

souravmondal
New Member

Hello,

I am searching for a good document for the integration between Entrust Intellitrust and Splunk. We have already completed the required configuration at the Intellitrust end and are searching for the configuration we should do at the Splunk end.

Thanks,
Sourav

0 Karma

inventsekar
SplunkTrust

The Splunkbase app has these details (I am not sure if there is any other documentation available for this app):
https://splunkbase.splunk.com/app/4204/#/details

Documentation:

Refer to the Admin Guide from your Entrust Datacard IntelliTrust account for assistance.

Configuration:

Before configuring the add-on, customers must create a Splunk application prior to this step. See the IntelliTrust Admin Online Help for more information.

To configure your add-on, complete the following steps after downloading and installing the add-on:

  1. Create a new input for your IntelliTrust source.
  2. Select the category of logs you would like to import from IntelliTrust into Splunk. The categories are:
     a. Authentication Events
     b. Management Events
     c. Both (By default both categories are selected)
  3. Enter the interval (in seconds) to set the frequency that audit logs in IntelliTrust are imported into Splunk. The interval cannot be less than 30 seconds. The first time the add-on is enabled, all events are imported into Splunk. After that, events are imported at the set interval rate.
  4. Under Configuration > Add-on Settings, enter the JSON value that was created when you added a Splunk application in IntelliTrust. Upon successful configuration, this add-on will automatically import all previously logged audits for the specified category into Splunk.

Once the data source is enabled and data is being pulled in, administrators can create dashboards with IntelliTrust audit data.

As you are a new user to Splunk Answers, you can upvote the answers/comments. If this answer resolved your query, you can select this answer and "accept" it as the answer, so that this question will be moved to the answered queue. Happy Splunking!

0 Karma

souravmondal
New Member

Thanks for your reply!
Yes, I already went through this documentation. But they only specified the below:

"To configure your add-on, complete the following steps after downloading and installing the add-on"

How and where to install is not specified, and I need to know how to install the add-on and if there is any specific location I should install the add-on.

Thanks and Regards,
Sourav

0 Karma