Hey all,
I already know that BeyondTrust has a paid Splunk app to get more info like session details into Splunk, but the demo I saw was specifically referencing Privileged Remote Access and not necessarily Remote Support. Plus, the demo was a crap-show, with the engineer not even knowing how to navigate the app in Splunk. Anyway, they have the ability to create an outbound event via HTTP or XML APIs. Has anyone created an API for extracting Bomgar/BeyondTrust session details into Splunk, or have suggestions outside of their paid app? Or have suggestions on how to ingest HTTP data in Splunk in a way so I can isolate the Remote Support data to the HTTP Event Collector on my indexer? Thank you in advance!!