Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Integration with Vectra NDR solution

Bisho-Fouad
Explorer
‎12-24-2023 11:29 PM

how can i Integrate between splunk and Vectra NDR solution ?
what is the full path to get fully integration ?

Labels (1)
Labels
Tags (1)
0 Karma
Reply

Bisho-Fouad
Explorer
‎12-27-2023 01:39 AM

Hello @richgalloway 

Thank you for your support. However, I would like to demonstrate that my NDR solution utilizes a centralized server called "Brain" to gather logs from network sensors. In order to achieve this, the optimal approach would be to establish a channel connecting the heavy forwarder to the NDR Brain.

Therefore, I would appreciate your recommendations on this matter.


so the best solution will be to create a channel between heavy forwarder and this NDR Brain

so what is your recommendations ??

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-27-2023 05:27 AM

Have you seen this guide for integrating Vectra with Splunk?  https://support.vectra.ai/s/article/KB-VS-1585

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-25-2023 06:05 AM

There are a few ways to onboard data into Splunk.

  1. Install a universal forwarder on the server to send log files to Splunk
  2. Have the server send syslog data to Splunk via a syslog server or Splunk Connect for Syslog
  3. Use the server's API to extract data for indexing
  4. Use Splunk DB Connect to pull data from the server's SQL database.
  5. Have the application send data directly to Splunk using HTTP Event Collector (HEC).
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...
Top