Re: how to integrate splunk and snort in different...

zippyopsadmin · ‎10-11-2019

In my snort tool in centos7 and then splunk in another machine , so I plan to integrate the splunk and snort so i just install the splunk for snort app in splunk but i did not get the dashboard if any know means let me know

zippyopsadmin · ‎10-11-2019

i am also try with same machine in splunk and snort that way also i am not getting dashboard like data and then
i just manually data add in snort.log in splunk at that time also i am not getting the dashboard data

richgalloway · ‎10-11-2019

Co-locating Splunk and Snort is not sufficient. You must tell Splunk where to find the Snort data and how to process it. Have you done that?
What steps did you take to manually add the Snort data? What sourcetype did you choose? What index did you choose? The index and sourcetype names must match those expected by the dashboard.

---
If this reply helps you, Karma would be appreciated.

richgalloway · ‎10-11-2019

That app is very old so it may not be working properly under newer versions of Splunk.
How are you feeding Snort data into Splunk? It's not enough to just install the Snort app. Did you also enable the appropriate inputs as per the documentation?

---
If this reply helps you, Karma would be appreciated.

how to integrate splunk and snort in different machines?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?