Re: Modern Honey Network: How to use the Splunk Un...

Libabbles · ‎07-06-2017

Hi,
I'm very confused about how to use Splunk with the Modern Honey Network (MHN) app. I installed it and when I go to https://ipaddress:8089 I end up on a page that says "Splunk Atom Feed: splunkd", I know this isn't the way the web interface is supposed to look. I've seen some sites suggest downloading an app but the problem is I can't navigate to the website through the server because there's no GUI. It's for a college project and the instructions say to monitor the log file /var/log/mhn-splunk.log by the Splunk Universal Forwarder. I can see the log file and everything looks ok in it, I'm just confused as to how I can see this data in a web interface?
If anyone could help me out, I'd really appreciate it!

Thanks!

Libabbles · ‎07-08-2017

I figured it out, I used Filezilla to transfer the tgz file, extracted, and installed it and the web interface is working now.

aaraneta_splunk · ‎07-06-2017

@Libabbles - When you say MHN, did you mean the Modern Honey Network app found on Splunkbase?

Libabbles · ‎07-06-2017

It's the Modern Honey Network, yes. I installed it via github though.

aaraneta_splunk · ‎07-06-2017

Thanks for confirming! I just want to make sure your post is tagged appropriately.

Modern Honey Network: How to use the Splunk Universal Forwarder and what is Splunk Atom Feed: splunkd?

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!