Imperva cloud integration with Splunk

manishchoudhary
Loves-to-Learn

Hello Team, 

We want to integrate Imperva cloud with Splunk. We have installed TA-Incapsula-cef in Splunk; however, we are unable to integrate with Splunk.

Kindly provide your support.

0 Karma

richgalloway
SplunkTrust

We need more information.  Please elaborate on "unable to integrate".  How are you trying to integrate?  What results did you get?

Know that installing a vendor's app or TA is not a magic pill that will connect Splunk with your other product(s). Some effort is required on your part to get data from your various products and services into Splunk.

There are a few ways to onboard data into Splunk.

Install a universal forwarder on the server to send log files to Splunk
Have the server send syslog data to Splunk via a syslog server or Splunk Connect for Syslog
Use the server's API to extract data for indexing
Use Splunk DB Connect to pull data from the server's SQL database.

---
If this reply helps you, Karma would be appreciated.
0 Karma

manishchoudhary
Loves-to-Learn

Sorry for the incomplete information. I am trying to integrate with the API; however, with the Incapsula add-on it was suggested that there will be some script that needs to be run to update the API credentials. Below is the add-on that we use to do the API integration.

https://splunkbase.splunk.com/app/4690/#/details 

However, it says that a script needs to be used to configure the API. Kindly provide some support on that.

0 Karma

richgalloway
SplunkTrust

The linked page does not use the word "script" anywhere so I don't know how to answer your question.

---
If this reply helps you, Karma would be appreciated.
0 Karma

manishchoudhary
Loves-to-Learn

I have checked this page as well, where it says to download the incapsula.spl file. However, the issue is to get the data through the API from Imperva cloud. When I install this add-on I am not getting an option to put in the API information.

I need some document or steps to integrate Imperva cloud with Splunk through the API, because in our environment we can't install the Splunk UF on the server side.

Can you please suggest something, and sorry for the confusion regarding the script and all. 

0 Karma

richgalloway
SplunkTrust

A .spl file is a Splunk app (actually, a renamed compressed tarball), not a script. The Imperva app in question doesn't ask for API information because it doesn't use an API. It's just a set of config files that interpret data received from Imperva by performing field extractions, lookups, etc. It's up to you, the user, to get data from Imperva into Splunk. If you want to use the API to do that, then you could write a modular input that uses the Imperva API to collect data and then writes that data to Splunk using the incapsula sourcetype.

A modular input essentially is a script that does some work and creates some output.  The output is indexed in Splunk.  For details, see https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/custominputs/ .

---
If this reply helps you, Karma would be appreciated.
0 Karma
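
The output side of the modular input described in the last reply, as an added example that is not part of the thread and is not Splunk's or Imperva's code. It assumes XML streaming mode, a sourcetype literally named `incapsula`, and a CEF `start=` field in epoch milliseconds; the Imperva API client is a caller-supplied `fetch` function because the thread gives no endpoint details, and scheme/validation handling is omitted.

```python
import re
import sys
from xml.sax.saxutils import escape

SOURCETYPE = "incapsula"  # assumption: match the sourcetype name in the TA's props.conf
START_RE = re.compile(r"(?:^|\s)start=(\d{13})(?=\s|$)")  # assumption: epoch milliseconds

# Constructed sample events (not real Imperva output).
SAMPLE = [
    "CEF:0|Incapsula|SIEMintegration|1|1|Illegal Resource Access|3| "
    "start=1700000000000 src=203.0.113.7 request=/a?x=1&y=<2> act=REQ_BLOCKED",
    "CEF:0|Incapsula|SIEMintegration|1|1|Normal|0| "
    "start=1700000005000 src=198.51.100.9 request=/index.html act=REQ_PASSED",
]

def event_time_ms(line):
    """Return the event's start time in epoch ms, or None if absent."""
    m = START_RE.search(line)
    return int(m.group(1)) if m else None

def to_stream(lines, checkpoint_ms=0):
    """Build modular-input XML for events newer than the checkpoint.

    Returns (xml_text, new_checkpoint_ms). Non-CEF lines are dropped; events
    without a start time are kept and left for Splunk to timestamp.
    """
    out, newest = ["<stream>"], checkpoint_ms
    for line in lines:
        line = line.strip()
        if not line.startswith("CEF:"):
            continue
        ts = event_time_ms(line)
        if ts is not None and ts <= checkpoint_ms:
            continue  # treated as already indexed on an earlier run
        time_tag = "<time>%.3f</time>" % (ts / 1000.0) if ts is not None else ""
        # Escape the raw event so '&', '<' and '>' in URLs cannot break the XML.
        out.append("<event>%s<sourcetype>%s</sourcetype><data>%s</data></event>"
                   % (time_tag, SOURCETYPE, escape(line)))
        if ts is not None:
            newest = max(newest, ts)
    out.append("</stream>")
    return "\n".join(out), newest

def run(fetch, checkpoint_ms=0, stream=sys.stdout):
    """fetch() is the caller's Imperva API client; it returns an iterable of CEF lines."""
    xml_text, newest = to_stream(fetch(), checkpoint_ms)
    stream.write(xml_text + "\n")
    return newest  # persist this value for the next run

if __name__ == "__main__":
    run(lambda: SAMPLE)
```

The timestamp checkpoint is a simplification: events that share the exact millisecond of the last checkpoint are skipped on the next run. Keep the Imperva API ID and key out of the script and in Splunk's credential storage.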