#Splunk forwarder install

SPS can forward session data to Splunk in near real-time. Using the One Identity Safeguard for Privileged Sessions App for Splunk you can integrate this data with your other sources, and access all your data related to privileged user activities from a single interface.

SPS does not send historical data to Splunk, only data from the sessions started after you complete this procedure.

The Splunk forwarder will be deprecated as of version 6.4 of SPS and will be removed in that feature release. One Identity recommends using the Universal SIEM forwarder instead.

To configure SPS to forward session data to Splunk, complete the following steps.

1. Install the One Identity Safeguard for Privileged Sessions App for Splunk to your Splunk installation. This will automatically enable and configure the HTTP Event Collector (HEC) in your Splunk installation, and create an HTTP Event Collector authentication token ("HEC token") that SPS will use.

To help identify the source of the received data, the following settings are configured automatically in the One Identity Safeguard for Privileged Sessions App for Splunk:

Index: The One Identity Safeguard for Privileged Sessions App for Splunk creates the index automatically, with the name balabit_events.

Sourcetype: The source type of the events that SPS forwards is balabit:event.

2. On your Splunk interface, navigate to Settings > Data inputs > HTTP Event Collector. Copy the Token Value from the Balabit_HEC field. This is the HTTP Event Collector authentication token and you will need it when configuring SPS.
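Before entering the copied token into SPS, it helps to confirm that HEC accepts it for the balabit_events index and the balabit:event sourcetype. The following is an added example, not code from One Identity or from the original page; the function names, the SPLUNK_HEC_URL and SPLUNK_HEC_TOKEN environment variables and the probe event text are assumptions, while the endpoint path and the "Splunk <token>" authorization header are Splunk's standard HEC interface.

```python
import json
import os
import ssl
import urllib.error
import urllib.request

# Values stated on the page: the index the app creates and the sourcetype SPS uses.
INDEX = "balabit_events"
SOURCETYPE = "balabit:event"

# Subset of Splunk HEC reply codes that matter for this check.
HEC_CODES = {0: "token accepted", 1: "token disabled", 3: "invalid authorization",
             4: "invalid token", 7: "incorrect index"}


def build_probe(base_url, token):
    """Build a POST to the HEC event endpoint carrying one marker event."""
    if not token or token.strip() != token:
        raise ValueError("HEC token is empty or has stray whitespace")
    body = json.dumps({"event": {"msg": "SPS HEC connectivity probe"},
                       "sourcetype": SOURCETYPE, "index": INDEX}).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/services/collector/event", data=body, method="POST",
        headers={"Authorization": "Splunk " + token, "Content-Type": "application/json"})


def interpret(reply_bytes):
    """Map a HEC JSON reply to (ok, reason)."""
    try:
        code = json.loads(reply_bytes).get("code")
    except (ValueError, AttributeError):
        return False, "reply is not a HEC JSON object"
    return code == 0, HEC_CODES.get(code, "unexpected HEC code %r" % code)


def probe(base_url, token, cafile=None):
    """Send the probe over TLS; certificate verification stays enabled."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with urllib.request.urlopen(build_probe(base_url, token), context=ctx, timeout=10) as r:
            return interpret(r.read())
    except urllib.error.HTTPError as e:  # HEC rejects with 4xx plus a JSON body
        return interpret(e.read())


if __name__ == "__main__":
    # Assumed variable names; the token is read from the environment, not hardcoded.
    print(probe(os.environ["SPLUNK_HEC_URL"], os.environ["SPLUNK_HEC_TOKEN"]))
```

Set SPLUNK_HEC_URL to the HEC listener of your Splunk installation (port 8088 by default) and pass cafile if Splunk uses a private CA, rather than disabling certificate verification.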