Getting Data In

UF to indexer and forward specific sourcetype to third-party siem

New Member

Hi, from a customer I have this type, UF with Security events that sends them to a Splunk indexer. I would like to forward these events (only Security ad Application) to a third-party siem.
I tried the configuration found on this post posts but I can't forward these events correctly.

Does anyone have a working configuration?

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.