This guide provides step-by-step instructions to configure an integration between Forcepoint Next Generation Firewall and Splunk so that insights and data contained in Next Generation Firewall logs are automatically exported, indexed and visualized in Splunk.

A description of the workflow between the components involved in this POC is depicted in this diagram:

These implementation instructions are tested with the following product versions:

The following activities are out of the scope of this document and therefore left to the system administrator, as part of ordinary maintenance procedures to be put in place within the existing infrastructure:
Monitoring of the scripts, services and applications involved in the solution.

Docker: leverages a docker image where the integration component is already installed with all necessary dependencies; the user must only edit the configuration files and run the container on an existing docker setup.

The docker images have been tested working with the following requirements:
The docker host machine should meet the minimum hardware requirements of at least 20 GB of free storage, 2 GB of RAM and a 64-bit system.
The user needs sudo permissions on the docker host machine.

The files needed to set up the integration are available at the following link:
and fp-smc-log-fields-v1.xml are available at.

Extra steps for distributed Splunk components.
Setup Splunk Universal Forwarder for Forcepoint Products.
Check all components are configured and running properly.

In order to install the Forcepoint app in Splunk:
Login to the machine hosting Splunk Enterprise with a user who has administrative privileges.
Download the fp-splunk-app package and extract its contents into the /opt/ directory by executing the command below:

    sudo cp -r /opt/fp-splunk-app/forcepoint-solutions $SPLUNK_HOME/etc/apps/
    sudo $SPLUNK_HOME/bin/splunk restart

Once Splunk has restarted you'll be able to see Forcepoint under the Apps tab.

Setup receiving port on the Splunk instance.
Forcepoint logs are ingested into Splunk using a port on the local Splunk machine that is required to receive the traffic generated by the Universal Forwarder component. In order to configure the receiving port:
Click on Settings > Forwarding and receiving > Configure receiving.
Click New Receiving Port > Type the port number (e.g.

Document Revision

These contents are licensed under Apache License, Version 2.0. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SITE AND ITS CONTENT IS PROVIDED TO YOU ON AN "AS IS," "AS AVAILABLE" AND "WHERE-IS" BASIS. ALL CONDITIONS, REPRESENTATIONS AND WARRANTIES WITH RESPECT TO THE SITE OR ITS CONTENT, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THIRD PARTY RIGHTS, ARE HEREBY DISCLAIMED.