
How to integrate Splunk and Snort on different machines?

zippyopsadmin
New Member

My Snort tool is on CentOS 7 and Splunk is on another machine. I plan to integrate Splunk and Snort, so I installed the Splunk for Snort app in Splunk, but I did not get the dashboard. If anyone knows, please let me know.

0 Karma

zippyopsadmin
New Member

I also tried with Splunk and Snort on the same machine, and that way I am also not getting dashboard data. Then I manually added the snort.log data in Splunk, and at that time I was also not getting the dashboard data.

0 Karma

richgalloway
SplunkTrust

Co-locating Splunk and Snort is not sufficient. You must tell Splunk where to find the Snort data and how to process it. Have you done that?
What steps did you take to manually add the Snort data? What sourcetype did you choose? What index did you choose? The index and sourcetype names must match those expected by the dashboard.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust

That app is very old so it may not be working properly under newer versions of Splunk.
How are you feeding Snort data into Splunk? It's not enough to just install the Snort app. Did you also enable the appropriate inputs as per the documentation?

---
If this reply helps you, Karma would be appreciated.
0 Karma
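
One common way to do what both replies above ask for (tell Splunk where the Snort data is, and label it with the index and sourcetype the dashboards search) when Snort and Splunk run on different machines is a Splunk Universal Forwarder on the Snort host. This is an added example, not configuration from the thread or from the app's documentation; the log path, output group name, indexer hostname, port, and the sourcetype and index values are placeholders or assumptions to replace with what the app's documentation specifies.

```ini
# --- Snort host (CentOS 7), Splunk Universal Forwarder ---
# File: $SPLUNK_HOME/etc/system/local/inputs.conf
# Assumed log path; use the file your Snort output plugin actually writes.
[monitor:///var/log/snort/alert]
disabled = 0
# Placeholders: the dashboards only populate if these match the names
# the app's searches use. Take both values from the app's documentation.
sourcetype = REPLACE_WITH_SOURCETYPE_THE_APP_EXPECTS
index = REPLACE_WITH_INDEX_THE_APP_SEARCHES

# File: $SPLUNK_HOME/etc/system/local/outputs.conf
[tcpout]
defaultGroup = snort_to_indexer

[tcpout:snort_to_indexer]
# Placeholder hostname; 9997 is the conventional receiving port,
# not a requirement. It must match the listener on the Splunk machine.
server = splunk-indexer.example.internal:9997

# --- Splunk machine (indexer) ---
# File: $SPLUNK_HOME/etc/system/local/inputs.conf
# Listen for forwarder traffic on the port named in outputs.conf above.
[splunktcp://9997]
disabled = 0
```

After restarting both sides, a plain search on the chosen index and sourcetype should return Snort events; if that search is empty, the dashboards will be empty too.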