Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Integration with Vectra NDR solution

Bisho-Fouad
Explorer
‎12-24-2023 11:29 PM

how can i Integrate between splunk and Vectra NDR solution ?
what is the full path to get fully integration ?

Labels (1)
Labels
Tags (1)
0 Karma
Reply

Bisho-Fouad
Explorer
‎12-27-2023 01:39 AM

Hello @richgalloway 

Thank you for your support. However, I would like to demonstrate that my NDR solution utilizes a centralized server called "Brain" to gather logs from network sensors. In order to achieve this, the optimal approach would be to establish a channel connecting the heavy forwarder to the NDR Brain.

Therefore, I would appreciate your recommendations on this matter.


so the best solution will be to create a channel between heavy forwarder and this NDR Brain

so what is your recommendations ??

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-27-2023 05:27 AM

Have you seen this guide for integrating Vectra with Splunk?  https://support.vectra.ai/s/article/KB-VS-1585

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-25-2023 06:05 AM

There are a few ways to onboard data into Splunk.

  1. Install a universal forwarder on the server to send log files to Splunk
  2. Have the server send syslog data to Splunk via a syslog server or Splunk Connect for Syslog
  3. Use the server's API to extract data for indexing
  4. Use Splunk DB Connect to pull data from the server's SQL database.
  5. Have the application send data directly to Splunk using HTTP Event Collector (HEC).
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Developer Program!

Hey Splunk community! We are excited to announce that Splunk is launching the Splunk Developer Program in ...

Splunkbase Year in Review 2024

Reflecting on 2024, it’s clear that innovation and collaboration have defined the journey for Splunk ...

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...
Top