Monitoring Splunk

RSA Archer Splunk Integration

azharuddin1
Engager

I'm currently working as an archer engineer on an RSA Archer deployment at a government agency, and I am soliciting any informational knowledge regarding an integration between RSA Archer (V.5.4) and probably the latest version of splunk. Ideally, I would like to have a data feed from splunk feeding into the archer platform to allow our client to have meaningful data regarding enterprise assets and other components that are spread-out around the network. I look forward to you responses.
Regards,

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Your agency's CDM provider should have a solution for this.

I'm aware of two solutions, although there may be others.

The first is have Archer make ODBC calls to Splunk for data. Each call will map to a Splunk saved search that collects the desired data.

The other is to schedule saved searches to collect data and write it to a file. Use cron (or something similar) to copy the file to a location Archer monitors.

---
If this reply helps you, an upvote would be appreciated.
0 Karma

robjackson
Path Finder

He asked for the other way. Archer data to Splunk. Not Splunk to Archer

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!