All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Website Monitoring App: monitor sites beyond a single sign on page.

kdimaria
Communicator
‎05-09-2018 04:45 AM

Is there some way to configure the App to have login credentials so it passes the single sign on page? When I put the url's I want, it returns 200 but I am assuming it is pinging the sign on page and not the actual URL because when you go to that url in a browser, it redirects to the sign on page. Thanks.

0 Karma
Reply

LukeMurphey
Champion
‎05-09-2018 10:13 AM

Website Monitoring does not currently support HTML forms authentication (the type of authentication where you fill out an HTML form to get the website to let you in). However, you may be able to use the Website Inputs app instead since it does support form authentication. You could so this by:

  1. Installing Website Inputs (see https://splunkbase.splunk.com/app/1818/)
  2. Create an input against the website you want to monitor. I recommend using the wizard that is built into the app.
  3. When you get the step two of the wizard ("Enter Credentials"), make sure to set the authentication so that you can log in to the website. You may need to the change the browser to FireFox or Chrome if the forms authentication requires Javascript to authenticate. Make sure to install the browser on the host accordingly.
  4. Leave the selector blank in step three ("Define CSS Selector")
  5. Create a search to analyze the output of the input you just created such that it alerts you accordingly. You will likely want to consider the following fields: content_md5, content_sha224, response_code, response_size, request_time

Once you get the input created, you could use a search like this:

source="web_input://my_input_with_forms_auth" | table _time content* response* request*
0 Karma
Reply

kdimaria
Communicator
‎05-09-2018 10:24 AM

Thanks, Does this app do the same time of monitoring by getting the response code and the response time? And when I go to the link it redirects me to an entirely different webpage to log in then I can access a bunch of different webpages. Will it work for that?

0 Karma
Reply

LukeMurphey
Champion
‎05-09-2018 12:07 PM

I neglected a field in my list. The request_time contains the response time.

As for the link redirection: you will need to define the URL of the login page in the wizard in the authentication step of the wizard. Put the URL of the page you want to monitor into the fist page of the wizard.

0 Karma
Reply

kdimaria
Communicator
‎05-14-2018 10:50 AM

So theres two places for input? one for the URL we need authentication for then we put in the credentials then we put the other URL that we want monitored that is past that single sign on page?

0 Karma
Reply

LukeMurphey
Champion
‎05-17-2018 01:29 PM

Correct. The wizard has a page specifically for configuring authentication. It accepts a URL for the login page since it may not be the same page you want to monitor.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...