Configure The Splunk Integration

This document provides instructions for configuring the Splunk integration with the Island Management Console. It explains generating an API key in Island and using it to configure a Splunk data input. Once configured, Splunk should start receiving logs and events from Island, including user and admin audit events. The prerequisites of having permission in Island and the required role in Splunk are also covered.

Uploaded by

nahafiy953
Copyright
© © All Rights Reserved

Configure the Splunk Integration

Updated on 27 Feb 2023 • 2 Minutes to read


This article explains how to configure the Splunk integration with the Island Management Console. Once configured,
the Splunk service should start receiving logs/events from the Island Management Console, including user
events from the browser and admin audit events from the management console. This article applies to both
Splunk Enterprise and Splunk Cloud Platform configurations.

Prerequisites
Before configuring the Splunk integration to receive logs/events from the Island Management Console, there
are several prerequisites:

• You must have permission to configure integrations in the Island Management Console (i.e. full admin, system
  admin).
• You must have the required role to install add-ons and apps on Splunk Enterprise or the Splunk Cloud Platform
  (i.e. sc_admin).

Configure the Integration in Island


To configure the integration in Island, perform the following:

1. From the Island Management Console, navigate to Settings > Integrations > SIEM.

2. Click Setup for the Splunk SIEM integration. The Splunk Integration Settings drawer is displayed to assist in
the Splunk configuration.

3. Click Generate API Key. Note that you can always deactivate and delete this token and generate a new one.

4. Copy the API Key to your clipboard, and use it in the Configure the Integration in Splunk settings, as
shown below. Note that this token key will disappear after you click Done.

Configure the Integration in Splunk


To configure the integration in Splunk, perform the following:

1. Install the Island Add-on for Splunk by downloading it from the SIEM page in the Management Console, or
by installing it from within Splunk. If you download from within Splunk, please consult with your Island SE, or
contact our technical support team to be added to the downloaders list.

2. Follow the installation steps specific to your Splunk configuration:

   • For single-instance Splunk Enterprise - Install an add-on in a single-instance Splunk Enterprise deployment
   • For Splunk Cloud - Install apps on your Splunk Cloud Platform deployment

3. From within Splunk, navigate to Settings > Data Inputs > Island Audit Input, and click Create New Input.

4. Enter a unique Name and paste the API Key that you saved in the previous step into the relevant fields.

5. Click Next to continue.

Note: If you modify any of the definitions in More Settings, keeping the Interval parameter at 60
seconds is essential.

6. If a proxy is required for outbound connectivity on port 443, you can configure it under Configuration >
Proxy.

7. Navigate to Configuration > Add-on Settings and click Save for the Island Add-on for Splunk to begin
working.

8. Go back to Settings > Integrations > SIEM in the Island Management Console. If the integration
succeeded, the Up and Running status should be displayed.

9. You should now be able to search for audits by navigating to Island Add-on for Splunk > Search and typing
sourcetype="island-audits".
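
Once the input is running, the same sourcetype can be used to check that the feed has not gone silent. The search below is an added example, not part of the Island documentation. It assumes a staleness threshold of 900 seconds (chosen here as a multiple of the 60-second Interval) and searches index=* because this article does not name the index the add-on writes to; narrow both to match your deployment.

```spl
| tstats count AS events latest(_time) AS last_event WHERE index=* sourcetype="island-audits" earliest=-24h latest=now
| eval stale_after_seconds = 900
| eval lag_seconds = if(events == 0, null(), now() - last_event)
| eval status = case(events == 0, "NO_EVENTS_IN_24H", lag_seconds > stale_after_seconds, "STALE", true(), "OK")
| eval last_event = if(events == 0, "none", strftime(last_event, "%Y-%m-%d %H:%M:%S"))
| table status events last_event lag_seconds
```

Because tstats without a BY clause still returns one row when nothing matches, the search reports NO_EVENTS_IN_24H instead of an empty result, so a scheduled alert on status!="OK" also fires when the input has stopped entirely.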

If you have any questions or issues, please consult with your Island SE, or contact our technical support team.
