Getting Data In

How to integrate a website url to splunk?

mohammadsharukh
Path Finder

I am stuck on a integration.

Scenario:- we have pas sever who generally does the va scan of all the environment now we need to integrate this with splunk

Problem statement:-the pas server run queries on the data and is storing it in a virtual directory in itslef now the client has installed the windows iis webserver and hosted this directory on a https url and the reports are showing on a url as 

E.g url/report1, url/report2 etc.

Client has created a service account and password for security to login to website and access the reports. 

Now we have 3 things:- https url, username and password. 

Which method of integration i should go with?

Note :- client said no to u.f installation on the windows server and i checked and found no addon on splunkbase

Correct me on Possible solution:-

1) use the inbuilt rest api method but instead of username and password i should ask him for api key?

2)if he cant provide api key then i need to go to addon builder and then create an addon with username and password as authentication? Has anybody worked on this? Is there any documentation avaiy with you? I am not sure of this method

3) use curl command and also put creds and download the report to another server and then use u.f on it to send to splunk. I am not sure of this method due to security concerns.

Help me out url, username ans password

Labels (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @mohammadsharukh,

the easiest approach is always using Forwarder, but if you cannot, I hint to use a scipt using REST API.

The problem of login and password is solved by Splunk: you can store credentials in an eacrypted Splunk conf file and run the script by Splunk inputs.

We used this approach for one of out customers and it runs.

You can find the instructions about how to do it at https://www.splunk.com/en_us/blog/security/storing-encrypted-credentials.html

Then you could create a setup page to upload credentials in the encrypted Splunk conf file, for more infos see at https://www.splunk.com/en_us/blog/tips-and-tricks/enable-first-run-app-configuration-with-setup-page....

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...