Onboard honeypot solution into Splunk

sahiltcs
Path Finder

We need to onboard a honeypot into our Splunk ES instance. Can you please help with how we can proceed further?

Also, I can see there is a Canary app and add-on: https://help.canary.tools/hc/en-gb/articles/360002432418-Installing-the-Canary-Splunk-App-and-Add-on

Is this a fine approach? Please suggest.


sahiltcs
Path Finder

@richgalloway can you please suggest?

We have finalized the Canary app, but the only challenge we are facing is that the Canary app is compatible with Splunk Cloud while the Canary add-on is not compatible with Splunk Cloud, nor with the existing version of Splunk Enterprise (HF). Can we wait till Splunk fixes up the issues in the new version?

Can you please suggest a way to move forward.

richgalloway
SplunkTrust

The Canary apps claim to be compatible with Splunk 8.1, but, as you said, are not available for Splunk Cloud. Since they are not Splunk-supported apps, the best you can do is contact the developer or fix them yourself.

---
If this reply helps you, an upvote would be appreciated.

sahiltcs
Path Finder

@richgalloway

I can see there is one more app, HoneyPy. Let us know if it works and where we can install it, on Splunk Cloud or on our IDM server.

https://splunkbase.splunk.com/app/4431/

richgalloway
SplunkTrust

I've never used that app so I don't know if it works or not. Try installing it on your test Splunk to see if it works for you. If it does, then request it be installed on your IDM.

Keep in mind that add-ons which cannot be installed on Splunk Cloud usually can be installed on an on-prem Heavy Forwarder which then sends the data to Splunk Cloud.

---
If this reply helps you, an upvote would be appreciated.

richgalloway
SplunkTrust

There are a few ways to onboard data into Splunk.

  1. Install a universal forwarder on the server to send log files to Splunk.
  2. Have the server send syslog data to Splunk via a syslog server or Splunk Connect for Syslog.
  3. Use the server's API to extract data for indexing.
  4. Use Splunk DB Connect to pull data from the server's SQL database.

There may be other options if the service in question is in the cloud.

What is it you wish to do with Canary?

---
If this reply helps you, an upvote would be appreciated.
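As an added illustration of option 3 above (example code, not from the thread, from Canary or from any Splunk app): alerts pulled from a honeypot's alert API are wrapped in HTTP Event Collector (HEC) envelopes with an explicit event time and CIM-style field names, so that Splunk ES correlation searches can use them. The alert schema, the `honeypot:alert` sourcetype and the `honeypot` index are assumptions.

```python
import json
import urllib.request
from datetime import datetime, timezone

# Constructed sample alerts, shaped like what a honeypot's alert API might
# return. Field names are assumptions, not any vendor's real schema.
SAMPLE_ALERTS = [
    {"id": "a-1001", "created": "2021-09-01T10:15:30Z", "type": "ssh_login",
     "src_ip": "203.0.113.7", "honeypot": "hp-dmz-01", "dst_port": 22},
    {"id": "a-1002", "created": "2021-09-01T10:16:02Z", "type": "http_probe",
     "src_ip": "198.51.100.23", "honeypot": "hp-dmz-01", "dst_port": 80},
]

def to_epoch(ts):
    # ISO-8601 UTC timestamp -> epoch seconds, which is what HEC's "time" field expects
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()

def to_hec_event(alert, index="honeypot"):
    """Wrap one alert in a HEC envelope. The event time is set explicitly so
    Splunk indexes the alert at the moment it happened, not when it was fetched,
    and fields are renamed to CIM-style names (src, dest, dest_port) so ES
    correlation searches and the Intrusion Detection data model pick them up."""
    return {
        "time": to_epoch(alert["created"]),
        "host": alert["honeypot"],
        "source": "honeypot_api",
        "sourcetype": "honeypot:alert",  # assumed sourcetype name
        "index": index,                  # assumed index name
        "event": {
            "alert_id": alert["id"],
            "signature": alert["type"],
            "src": alert["src_ip"],
            "dest": alert["honeypot"],
            "dest_port": alert["dst_port"],
            "severity": "high",  # any contact with a decoy is worth triage
        },
    }

def build_hec_batch(alerts):
    # HEC accepts several events in one POST as newline-delimited JSON objects
    return "\n".join(json.dumps(to_hec_event(a), sort_keys=True) for a in alerts)

def send_to_hec(hec_base_url, token, alerts):
    # POST the batch to the HEC event endpoint, authenticating with the HEC token header
    req = urllib.request.Request(hec_base_url + "/services/collector/event",
                                 data=build_hec_batch(alerts).encode(),
                                 headers={"Authorization": "Splunk " + token,
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())  # HEC's JSON acknowledgement
```

In the Splunk Cloud case from this thread, the script would run on the on-prem Heavy Forwarder (or any host that can reach the HEC endpoint), with `hec_base_url` pointing at the HEC input and `token` being the HEC token created for it.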