Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to integrate a website url to splunk?

mohammadsharukh
Path Finder
‎06-09-2022 07:21 PM

I am stuck on a integration.

Scenario:- we have pas sever who generally does the va scan of all the environment now we need to integrate this with splunk

Problem statement:-the pas server run queries on the data and is storing it in a virtual directory in itslef now the client has installed the windows iis webserver and hosted this directory on a https url and the reports are showing on a url as 

E.g url/report1, url/report2 etc.

Client has created a service account and password for security to login to website and access the reports. 

Now we have 3 things:- https url, username and password. 

Which method of integration i should go with?

Note :- client said no to u.f installation on the windows server and i checked and found no addon on splunkbase

Correct me on Possible solution:-

1) use the inbuilt rest api method but instead of username and password i should ask him for api key?

2)if he cant provide api key then i need to go to addon builder and then create an addon with username and password as authentication? Has anybody worked on this? Is there any documentation avaiy with you? I am not sure of this method

3) use curl command and also put creds and download the report to another server and then use u.f on it to send to splunk. I am not sure of this method due to security concerns.

Help me out url, username ans password

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎06-09-2022 11:38 PM

Hi @mohammadsharukh,

the easiest approach is always using Forwarder, but if you cannot, I hint to use a scipt using REST API.

The problem of login and password is solved by Splunk: you can store credentials in an eacrypted Splunk conf file and run the script by Splunk inputs.

We used this approach for one of out customers and it runs.

You can find the instructions about how to do it at https://www.splunk.com/en_us/blog/security/storing-encrypted-credentials.html

Then you could create a setup page to upload credentials in the encrypted Splunk conf file, for more infos see at https://www.splunk.com/en_us/blog/tips-and-tricks/enable-first-run-app-configuration-with-setup-page....

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...