This article describes how to set up and use Cyberpion's Splunk integration. You can stream your Cyberpion data to Splunk for unified visibility over your activities.
The Cyberpion Security Splunk app performs indexed extractions on events and also includes visualizations and search macros. For this reason, it should be installed on both the forwarder and the search head (if they are separate).
There are two ways to install the Cyberpion Security Splunk app:
Open the app page on Splunkbase by searching for “Cyberpion Security”, or opening this link – https://splunkbase.splunk.com/app/5642/
Download the app.
Open your Splunk instance’s web interface and navigate to the Manage Apps page.
Click Install app from file on the top right.
Drag the app file to Splunk and hit Upload.
Restart your Splunk instance.
Navigate to the Browse More Apps pane in your Splunk instance’s web interface. This can be reached from the home screen or anywhere in Splunk web by clicking the Find More Apps tab as shown here.
Search for “Cyberpion” and install the Cyberpion Security app.
Restart your Splunk instance.
Go to Settings -> Advanced Search -> Macros
Search for cp_indexes
Define the index or indexes that will contain Cyberpion's data. This macro is used by all predefined macros and dashboards to query Cyberpion's logs.
The Cyberpion integration uses an HTTP Event Collector (HEC) to push data to your Splunk instance.
Navigate to Settings -> Data Inputs -> HTTP Event Collector
Click Global Settings and ensure that All Tokens is set to Enabled
Click New Token on the top right and fill out the forms.
Under Input Settings make sure to
After submitting, make note of the created HEC token.
In your Portal, navigate to Settings -> Integrations
Click the Splunk Integration -> Settings
Fill out the HEC Token and Splunk Server with the HEC port. For example:
Fill out the rest of the data important to you (push interval, etc.)
Hit Save.
Turn on your integration.
Congratulations! You should soon be able to see Cyberpion’s events in Splunk.
It may take up to one hour for data to appear in the account. Once there, data will also be available via the search tab.
Finally, head over to the dashboard view to see an aggregated view of the information.
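Because data can take up to an hour to appear, it helps to confirm separately that the HEC endpoint and token accept events. The following is an added example, not Cyberpion's or Splunk's own code; the host name, the index name and the environment variable names `SPLUNK_HEC_URL`, `SPLUNK_HEC_TOKEN` and `SPLUNK_HEC_INDEX` are assumptions, and refusing plain HTTP is a choice made in this example so the token is never sent in cleartext.

```python
import json
import os
import ssl
import urllib.error
import urllib.request
import uuid
from urllib.parse import urlsplit


def build_hec_request(server, token, index=None):
    """Build a test-event POST for Splunk's HEC event endpoint."""
    parts = urlsplit(server)
    if parts.scheme != "https":
        # Example policy: the HEC token must not travel over plain HTTP.
        raise ValueError("HEC URL must use https://")
    if parts.port is None:
        raise ValueError("HEC URL must include the HEC port (8088 by default)")
    token = token.strip()
    uuid.UUID(token)  # HEC tokens are GUIDs; catches a truncated or mis-pasted value
    payload = {"event": {"message": "HEC connectivity test"}}
    if index:
        payload["index"] = index  # should be an index listed in the cp_indexes macro
    return urllib.request.Request(
        f"https://{parts.netloc}/services/collector/event",
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )


def send_test_event(request, ca_file=None, timeout=10):
    """Send the request and return (HTTP status, response body text)."""
    # Certificate verification stays on; pass ca_file for a private CA.
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with urllib.request.urlopen(request, context=ctx, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


if __name__ == "__main__":
    # Environment variable names are hypothetical, chosen for this example.
    req = build_hec_request(os.environ["SPLUNK_HEC_URL"],
                            os.environ["SPLUNK_HEC_TOKEN"],
                            os.environ.get("SPLUNK_HEC_INDEX"))
    print(send_test_event(req))
```

A 200 response with `"code":0` in the body means HEC accepted the event; any other status points at the token, the index or the Global Settings rather than at the Cyberpion side.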