Splunk Cloud Platform

Beyond Trust Remote Support SaaS integration with Splunk

mohsplunking
Path Finder

Hello Splunkers,

Checking if anyone has successfully integrated Beyond Trust RS SaaS with Splunk. Their official guide only talks about on-prem integration, where a middleware connector needs to be installed, but how can this be achieved for the Cloud Remote Support application? Is there a custom TA for REST, or can HEC be used here?

Appreciate some assistance here,

Thanks!

regards,

Moh.

 

 


mohsplunking
Path Finder

Thanks for your inputs here Kiran, however, it does look like that integration guide is for Beyond Trust Remote Support integration 😞

 

regards,

Mohammed.


kiran_panchavat
Champion

@mohsplunking 


Since BeyondTrust Remote Support SaaS is a cloud offering, the integration likely relies on its API capabilities or syslog forwarding features that can be directed to Splunk Cloud.
 
HEC 
 
Splunk Cloud supports HEC, which allows you to send data over HTTPS using a token-based authentication method. If BeyondTrust Remote Support SaaS can send event data (e.g., session logs) to a custom endpoint, HEC could ingest this data directly.
 
Custom TA for REST API
 
Check BeyondTrust’s documentation or contact their support to confirm the availability of a REST API for the SaaS version. 
Build a Custom TA.
Install the “REST API Modular Input” app from Splunkbase (if supported in your Splunk Cloud environment; you may need to request Splunk Support to install it).
Configure a REST input with the BeyondTrust API URL, authentication (OAuth or API key), and polling interval (e.g., every 60 seconds).
Write props.conf and transforms.conf in the TA to parse the API response (likely JSON) into meaningful fields for Splunk.
 
Syslog Forwarding with an Intermediary
 
In the BeyondTrust admin interface, set up syslog forwarding to a server you control (e.g., IP address and port like 514 for UDP or TCP).
 
Deploy a Splunk Universal Forwarder on a small VM or container. Configure it to listen for syslog data and forward it to Splunk Cloud using outputs.conf.
 
Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
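
The HEC and REST-polling options described in the answer above, combined as an added example (not part of the original post, and not BeyondTrust or Splunk code): records pulled from an API are turned into a batched HEC payload, with a timestamp checkpoint so repeated polls do not send duplicates. The session field names, the sourcetype and the host name are assumptions; the sample records are constructed.

```python
import json
import os
import urllib.request
from datetime import datetime, timezone

# Constructed sample of what a session-report API might return; the field
# names are assumptions, not BeyondTrust's documented schema.
SAMPLE_SESSIONS = [
    {"id": "s-1001", "start": "2025-03-01T10:15:00Z", "rep": "alice", "duration_s": 420},
    {"id": "s-1002", "start": "2025-03-01T10:40:30Z", "rep": "bob", "duration_s": 95},
]

def to_hec_batch(records, sourcetype, index, checkpoint=None):
    """Return (payload_bytes, new_checkpoint) for records newer than checkpoint."""
    lines, newest = [], checkpoint
    for rec in sorted(records, key=lambda r: r["start"]):
        ts = datetime.strptime(rec["start"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc).timestamp()
        if checkpoint is not None and ts <= checkpoint:
            continue  # already sent on an earlier poll
        lines.append(json.dumps(
            {"time": ts, "sourcetype": sourcetype, "index": index, "event": rec}))
        newest = ts
    # HEC accepts several event objects concatenated in one request body.
    return "\n".join(lines).encode("utf-8"), newest

def build_hec_request(hec_url, token, payload):
    """Build (not send) the POST; HEC authenticates with 'Splunk <token>'."""
    if not hec_url.startswith("https://"):
        raise ValueError("HEC URL must use HTTPS so the token is not sent in clear text")
    return urllib.request.Request(
        hec_url.rstrip("/") + "/services/collector/event",
        data=payload,
        headers={"Authorization": "Splunk " + token, "Content-Type": "application/json"},
        method="POST",
    )

if __name__ == "__main__":
    # URL and token come from the environment; the defaults are placeholders.
    url = os.environ.get("SPLUNK_HEC_URL", "https://http-inputs-example.splunkcloud.com")
    token = os.environ.get("SPLUNK_HEC_TOKEN", "00000000-0000-0000-0000-000000000000")
    body, cp = to_hec_batch(SAMPLE_SESSIONS, "beyondtrust:rs:session", "main")
    req = build_hec_request(url, token, body)
    print(req.full_url, len(body), cp)
    # urllib.request.urlopen(req, timeout=10) would send a non-empty body;
    # certificate verification is on by default and should stay on.
```

Persist the returned checkpoint between polls, and scope the HEC token to a single index so a leaked token cannot write elsewhere.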

kiran_panchavat
Champion

@mohsplunking 

Refer to this documentation, where they have specified integration using an HEC token. You can use Splunk's HTTP Event Collector to forward data from BeyondTrust to Splunk. This method involves creating an HTTP Event Collector in Splunk and configuring BeyondTrust to send events to this collector.

https://docs.beyondtrust.com/insights/docs/splunk 


Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!