All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

onboard honey pot solution into Splunk

sahiltcs
Path Finder
‎10-13-2020 12:01 AM

We need to onboard Honeypot in our Splunk ES Instance, Can you Please help how we can Proceed further.

 

Also I can see there is canary app and add on https://help.canary.tools/hc/en-gb/articles/360002432418-Installing-the-Canary-Splunk-App-and-Add-on

 

Is this fine approach?Please suggest

Labels (2)
Labels
0 Karma
Reply

sahiltcs
Path Finder
‎10-21-2020 03:15 AM

@richgalloway  can you please suggest

We have finalized the canary app , but only challenge we are facing Canary app is compatible with Splunk Cloud but the Canary addon is not compatible with Splunk Cloud as well as with the existing version of Splunk Enterprise(HF).  can we wait till the splunk fixes up issues for the new version?

Can you Please suggest a way to move forward.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-21-2020 05:38 AM

The Canary apps claim to compatible with Splunk 8.1, but, as you said, are not available for Splunk Cloud.  Since they are not Splunk-supported apps, the best you can do is contact the developer or fix them yourself.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

sahiltcs
Path Finder
‎10-21-2020 06:42 AM

@richgalloway  

I can see there is one moreapp honeypy, let us know if it works and where we can install on SPlunk cloud or our IDM server

https://splunkbase.splunk.com/app/4431/

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-21-2020 06:56 AM

I've never used that app so I don't know if it works or not.  Try installing it on your test Splunk to see if it works for you.  If it does then request it be installed on your IDM.

Keep in mind that add-ons which cannot be installed on Splunk Cloud usually can be installed on an on-prem Heavy Forwarder which then sends the data to Splunk Cloud.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

sahiltcs
Path Finder
‎10-21-2020 06:05 AM

I can see there is one more honeypy, let us know if it works and where we can install on SPlunk cloud?

https://splunkbase.splunk.com/app/4431/

0 Karma
Reply

sahiltcs
Path Finder
‎10-21-2020 03:14 AM

We have finalized the canary app , but only challenge we are facing Canary app is compatible with Splunk Cloud but the Canary addon is not compatible with Splunk Cloud as well as with the existing version of Splunk Enterprise(HF).  can we wait till the splunk fixes up issues for the new version?

Can you Please suggest a way to move forward.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-13-2020 08:14 AM

There are a few ways to onboard data into Splunk.

  1. Install a universal forwarder on the server to send log files to Splunk
  2. Have the server send syslog data to Splunk via a syslog server or Splunk Connect for Syslog
  3. Use the server's API to extract data for indexing
  4. Use Splunk DB Connect to pull data from the server's SQL database.

There may be other options if the service in question is in the cloud.

What is it you wish to do with Canary?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...