I am stuck on a integration.
Scenario:- we have pas sever who generally does the va scan of all the environment now we need to integrate this with splunk
Problem statement:-the pas server run queries on the data and is storing it in a virtual directory in itslef now the client has installed the windows iis webserver and hosted this directory on a https url and the reports are showing on a url as
E.g url/report1, url/report2 etc.
Client has created a service account and password for security to login to website and access the reports.
Now we have 3 things:- https url, username and password.
Which method of integration i should go with?
Note :- client said no to u.f installation on the windows server and i checked and found no addon on splunkbase
Correct me on Possible solution:-
1) use the inbuilt rest api method but instead of username and password i should ask him for api key?
2)if he cant provide api key then i need to go to addon builder and then create an addon with username and password as authentication? Has anybody worked on this? Is there any documentation avaiy with you? I am not sure of this method
3) use curl command and also put creds and download the report to another server and then use u.f on it to send to splunk. I am not sure of this method due to security concerns.
Help me out url, username ans password
Hi @mohammadsharukh,
the easiest approach is always using Forwarder, but if you cannot, I hint to use a scipt using REST API.
The problem of login and password is solved by Splunk: you can store credentials in an eacrypted Splunk conf file and run the script by Splunk inputs.
We used this approach for one of out customers and it runs.
You can find the instructions about how to do it at https://www.splunk.com/en_us/blog/security/storing-encrypted-credentials.html
Then you could create a setup page to upload credentials in the encrypted Splunk conf file, for more infos see at https://www.splunk.com/en_us/blog/tips-and-tricks/enable-first-run-app-configuration-with-setup-page....
Ciao.
Giuseppe