Getting Data In

How to integrate a website url to splunk?

mohammadsharukh
Explorer

I am stuck on a integration.

Scenario:- we have pas sever who generally does the va scan of all the environment now we need to integrate this with splunk

Problem statement:-the pas server run queries on the data and is storing it in a virtual directory in itslef now the client has installed the windows iis webserver and hosted this directory on a https url and the reports are showing on a url as 

E.g url/report1, url/report2 etc.

Client has created a service account and password for security to login to website and access the reports. 

Now we have 3 things:- https url, username and password. 

Which method of integration i should go with?

Note :- client said no to u.f installation on the windows server and i checked and found no addon on splunkbase

Correct me on Possible solution:-

1) use the inbuilt rest api method but instead of username and password i should ask him for api key?

2)if he cant provide api key then i need to go to addon builder and then create an addon with username and password as authentication? Has anybody worked on this? Is there any documentation avaiy with you? I am not sure of this method

3) use curl command and also put creds and download the report to another server and then use u.f on it to send to splunk. I am not sure of this method due to security concerns.

Help me out url, username ans password

Labels (1)
0 Karma

gcusello
Legend

Hi @mohammadsharukh,

the easiest approach is always using Forwarder, but if you cannot, I hint to use a scipt using REST API.

The problem of login and password is solved by Splunk: you can store credentials in an eacrypted Splunk conf file and run the script by Splunk inputs.

We used this approach for one of out customers and it runs.

You can find the instructions about how to do it at https://www.splunk.com/en_us/blog/security/storing-encrypted-credentials.html

Then you could create a setup page to upload credentials in the encrypted Splunk conf file, for more infos see at https://www.splunk.com/en_us/blog/tips-and-tricks/enable-first-run-app-configuration-with-setup-page....

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...