I stumbled upon the RSA SecurID app after a client requested getting logs from their RSA SecurID appliance and have a few questions:
I have not been able to put time into the app, unfortunately, but do hope to do so soon, as I have recently retained access to newer RSA SecurID logs. However, what I have done recently is build a TA for the RSA SecurID that is CIM compliant (the app is not). I'll post it on Splunkbase shortly; feel free to contact me directly if you need it sooner.
Thanks for your quick reply.
I did a bit of testing myself. What I did was the following:
Does this sound like your findings?
I'll be waiting for the app on Splunkbase. Are you breaking it up into an App and Add-on for distributed environments?
So as you can tell, this was developed long before there were many options to make life easier 🙂
Since I do not have regular access to an appliance anymore, any changes you've made I would be most interested in reviewing for possible incorporation into an application update. The TA I wrote was only when I had short-term access to an appliance in the field, but it did work off of syslog data.