Technology Integrations

Splunk
Splunk Inc. is an American software company based in San Francisco, California, that produces software for searching, monitoring, and analyzing machine-generated data via a web-style interface.

Edgescan Integration Add-on

1 – On Splunk homebase, search for Edgescan or click here

2 – Click Download

3 – From Splunk Web click on the gear beside ‘Apps’

Splunk Enterprise Dashboard

4 – Select ‘Install app from file’

Splunk Enterprise Apps Preview

5 – Locate the downloaded file and click Upload

6 – If Splunk Enterprise prompts you to restart, do so.

7 – Verify the add-on appears in the list of apps and add-ons. You can also find it on the server at $SPLUNK_HOME/etc/apps/<Name_of_add-on>.

Splunk Enterprise Dashboard - Apps preview

Importing data into the Edgescan Integration

1 – Edgescan should be available in the list of apps on the left-hand side of your Splunk Enterprise homepage. Click on Edgescan.

Splunk Enterprise - Edgescan Integration

2 – Under the inputs tab select Create New Input

Splunk Enterprise Dashboard - Inputs

3 – Select one of the options in the dropdown

Splunk Enterprise Dashboard - Inputs

4 – Enter a Name, Interval, Index, Offset, Limit and X-Api-Token and click Add

Splunk Enterprise Dashboard - Vulnerabilities Scan settings

a. Name – a name associated with the data, e.g. Edgescan_vulnerabilities
b. Interval – time interval of the input in seconds, e.g. 900
c. Index – default
d. Offset – the row at which the server starts returning results. Default is 0.
e. Limit – how many results the server returns. Default is 250.
f. X-Api-Token – API key obtained from https://live.edgescan.com

5 – Under the ‘Search’ tab, use the search bar to search and filter the results

Splunk Enterprise Dashboard - Search
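
The server-side check from step 7 of the installation can be scripted; the following is an added example, not code from Edgescan or Splunk. It confirms the add-on directory under $SPLUNK_HOME/etc/apps and then flags files in the add-on's local/ directory, where Splunk writes settings made in Splunk Web, that every local user can read or modify. Whether the X-Api-Token is stored there in clear text is not stated on this page, so the check treats it as possible; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not Edgescan or Splunk code): server-side check for an add-on.
# Usage: check_addon "$SPLUNK_HOME" <Name_of_add-on>

# Print the version from default/app.conf; fail if the file or version is missing.
addon_version() {
  local conf="$1/etc/apps/$2/default/app.conf"
  [ -f "$conf" ] || return 1
  # app.conf records the version under [launcher] as "version = x.y.z".
  awk -F= '
    /^\[/ { stanza = $0 }
    stanza == "[launcher]" && $1 ~ /^[ \t]*version[ \t]*$/ {
      gsub(/[ \t\r]/, "", $2); print $2; found = 1
    }
    END { exit !found }' "$conf"
}

# List files under local/ that any local user can read or modify.
# Assumption: inputs created in Splunk Web (and possibly the token) land here.
exposed_local_files() {
  local dir="$1/etc/apps/$2/local"
  [ -d "$dir" ] || return 0
  find "$dir" -type f \( -perm -004 -o -perm -002 \) -print
}

# Returns 0 = installed and local/ is private, 1 = not installed,
# 2 = installed but local/ has world-accessible files.
check_addon() {
  local home="$1" name="$2" version exposed
  version=$(addon_version "$home" "$name") || {
    echo "MISSING: no versioned app.conf for $name under $home/etc/apps"; return 1; }
  echo "OK: $name version $version"
  exposed=$(exposed_local_files "$home" "$name")
  [ -z "$exposed" ] && return 0
  echo "WARN: readable or writable by all local users:"
  echo "$exposed"
  return 2
}
```

A return code of 2 means the permissions on the listed files should be tightened so that only the account running Splunk can read them.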