How do you deploy Splunk ProofPoint Add-in?

marlongarcia · ‎09-24-2018

Hi All -

I'm new with Splunk and currently just started learning the Fundamentals. I just received a request to setup and configure ProofPoint RSyslog in Splunk.

Hoping to give me more information and instruction how to setup the Proofpoint add-in in Splunk.

Thank you in advance and any inputs and suggestion is highly appreciated.

adonio · ‎09-24-2018

Hello and Welcome to Splunk!
start with a little reading on the ProofPOint Side:
https://www.proofpoint.com/us/technology-partners/splunk
then dive in to how the app integrates: (there are 2 add-ons and i always forget which one trumps)
https://splunkbase.splunk.com/app/3080/#/details - this one i think works with syslog
https://splunkbase.splunk.com/app/3681/ - this one is with API Modular Input
enjoy answers from other members asking the same question you do:
https://answers.splunk.com/answers/405250/how-to-pull-logs-into-splunk-from-proofpoint-via-a.html

hope it helps and enjoy the journey!

marlongarcia · ‎09-24-2018

Thank you Adonio for the links. Will definitely check this and keep you posted.

Hopefully I can successfully setup the PP in Splunk.

How do you deploy Splunk ProofPoint Add-in?

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...