Setting Up the Splunk Universal Forwarder

In a distributed Splunk environment, the Splunk Universal Forwarder must be set up on the machine with the Syslog server so that the Centrify PAS events in syslog get forwarded to the Indexer.

To configure Splunk Universal Forwarder for a distributed setup:

1. In a terminal, navigate to the path of Splunk Universal Forwarder.
2. Add the Forward server in the bin folder, using the IP address of the Splunk Indexer and the Receiver port configured on the Splunk Indexer (usually 9997).

The Splunk Add-on must be installed on the indexer and on the search head. To install the Splunk Add-on from the Splunk Web UI, go to Apps > Browse and select Centrify Identity Platform Add-on for Splunk.

In a distributed Splunk environment with a Forward Server:

1. Go to Settings > Forwarding and receiving > Configure Receiving > Add New.
2. In the Listen to Port text box, enter 9997.
3. Click Save to send messages from the Forward Server to port 9997.

In a stand-alone Splunk environment with a local syslog:

1. Go to Settings > Data Inputs > Files and Directories.
2. Enable /var/log/messages (this is disabled by default).

Tip: On Splunkbase, subscribe to this connector to be notified of future updates.

1. In Splunk, in the upper left of the screen, click the Splunk icon.
2. Next to Apps at the top of the navigation bar, click the gear icon.
3. Browse to and select akamai-siem-integration_x.tgz (x being the latest version available) and then click Open. You see Akamai SIEM API (Security Information and Event Management).
4. From the menu, click Settings > Data Inputs.
5. Click the Akamai Security Incident Event Manager API.
6. Click New and complete the following fields:
   - Enter the host URL copied when you provisioned the SIEM API.
   - Enter the Configuration ID copied when you enabled SIEM in Akamai Control Center.
   - Client Token, Client Secret, and Access Token: enter the values copied when you provisioned the SIEM API.
   - Enter the proxy host name of your proxy server.
   - Enter the port number you use to connect to your proxy server.
   - Initial Epoch Time and Final Epoch Time: if you encounter an issue with your events, you can later use these fields to retrieve security event data for a specific time period.
   - To limit the number of security events pulled with each API call, enter an integer value here. If not specified, the API retrieves a maximum of 150,000 records per call.
   - Log level: specifies the message types that are logged. By default, the log level is set to INFO, but you can change it to WARN, ERROR, FATAL, or DEBUG to get more data for certain situations. For example, if you have a problem with the connector, use DEBUG to get more detailed messages that will help you troubleshoot.
   - Interval: number of seconds between fetch requests. Enter 60 unless you have entered values in both the Initial Epoch Time and Final Epoch Time fields to retrieve security events for a specified time period; in that case, leave the Interval field blank. If it takes more than 60 seconds to fetch the data, increase the interval value to the number of seconds you need to complete the task.
7. Return to the Splunk homepage and click Akamai SIEM. If you see data, setup was successful. If you don't see data, go to the menu and click Debug > Akamai Logging dashboard.