Integrating Splunk with Intellitrust

souravmondal
New Member

Hello,

I am searching for a good document on the integration between Entrust Intellitrust and Splunk. We have already completed the required configuration at the Intellitrust end and are searching for the configuration we should do at the Splunk end.

Thanks,
Sourav

0 Karma

inventsekar
Ultra Champion

The Splunkbase app has these details (I am not sure if there is any other documentation available for this app):
https://splunkbase.splunk.com/app/4204/#/details

Documentation:

Refer to the Admin Guide from your Entrust Datacard IntelliTrust account for assistance.

Configuration:

Before configuring the add-on, customers must create a Splunk application prior to this step. See the IntelliTrust Admin Online Help for more information.

To configure your add-on, complete the following steps after downloading and installing the add-on:

  1. Create a new input for your IntelliTrust source.
  2. Select the category of logs you would like to import from IntelliTrust into Splunk. The categories are:
     a. Authentication Events
     b. Management Events
     c. Both (By default both categories are selected)
  3. Enter the interval (in seconds) to set the frequency that audit logs in IntelliTrust are imported into Splunk. The interval cannot be less than 30 seconds. The first time the add-on is enabled, all events are imported into Splunk. After that, events are imported at the set interval rate.
  4. Under Configuration > Add-on Settings enter the json value that was created when you added a Splunk application in IntelliTrust. Upon successful configuration, this add-on will automatically import all previously logged audits for the specified category into Splunk.

Once the data source is enabled and data is being pulled in, administrators can create dashboards with IntelliTrust audit data.

As you are a new user to Splunk Answers: you can upvote the answers/comments. If this answer resolved your query, you can select this answer and "accept" it as the answer, so that this question will be moved to the answered queue. Happy Splunking!

0 Karma

souravmondal
New Member

Thanks for your reply!
Yes, I already went through this documentation, but they only specified the below:

"To configure your add-on, complete the following steps after downloading and installing the add-on"

How and where to install is not specified, and I need to know how to install the add-on and if there is any specific location I should install the add-on.

Thanks and Regards,
Sourav

0 Karma