All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

onboard honey pot solution into Splunk

sahiltcs
Path Finder
‎10-13-2020 12:01 AM

We need to onboard Honeypot in our Splunk ES Instance, Can you Please help how we can Proceed further.

 

Also I can see there is canary app and add on https://help.canary.tools/hc/en-gb/articles/360002432418-Installing-the-Canary-Splunk-App-and-Add-on

 

Is this fine approach?Please suggest

Labels (2)
Labels
0 Karma
Reply

sahiltcs
Path Finder
‎10-21-2020 03:15 AM

@richgalloway  can you please suggest

We have finalized the canary app , but only challenge we are facing Canary app is compatible with Splunk Cloud but the Canary addon is not compatible with Splunk Cloud as well as with the existing version of Splunk Enterprise(HF).  can we wait till the splunk fixes up issues for the new version?

Can you Please suggest a way to move forward.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-21-2020 05:38 AM

The Canary apps claim to compatible with Splunk 8.1, but, as you said, are not available for Splunk Cloud.  Since they are not Splunk-supported apps, the best you can do is contact the developer or fix them yourself.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

sahiltcs
Path Finder
‎10-21-2020 06:42 AM

@richgalloway  

I can see there is one moreapp honeypy, let us know if it works and where we can install on SPlunk cloud or our IDM server

https://splunkbase.splunk.com/app/4431/

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-21-2020 06:56 AM

I've never used that app so I don't know if it works or not.  Try installing it on your test Splunk to see if it works for you.  If it does then request it be installed on your IDM.

Keep in mind that add-ons which cannot be installed on Splunk Cloud usually can be installed on an on-prem Heavy Forwarder which then sends the data to Splunk Cloud.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

sahiltcs
Path Finder
‎10-21-2020 06:05 AM

I can see there is one more honeypy, let us know if it works and where we can install on SPlunk cloud?

https://splunkbase.splunk.com/app/4431/

0 Karma
Reply

sahiltcs
Path Finder
‎10-21-2020 03:14 AM

We have finalized the canary app , but only challenge we are facing Canary app is compatible with Splunk Cloud but the Canary addon is not compatible with Splunk Cloud as well as with the existing version of Splunk Enterprise(HF).  can we wait till the splunk fixes up issues for the new version?

Can you Please suggest a way to move forward.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-13-2020 08:14 AM

There are a few ways to onboard data into Splunk.

  1. Install a universal forwarder on the server to send log files to Splunk
  2. Have the server send syslog data to Splunk via a syslog server or Splunk Connect for Syslog
  3. Use the server's API to extract data for indexing
  4. Use Splunk DB Connect to pull data from the server's SQL database.

There may be other options if the service in question is in the cloud.

What is it you wish to do with Canary?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

New Case Study: How LSU’s Student-Powered SOCs and Splunk Are Shaping the Future of ...

Louisiana State University (LSU) is shaping the next generation of cybersecurity professionals through its ...

Splunk and Fraud

Join us on November 13 at 11 am PT / 2 pm ET!Join us for an insightful webinar where we delve into the ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...