Re: RSA envision SIEM integration

yhamza · ‎09-30-2012

How do I pull data from RSA envision SIEM aside from exporting CSV files?

dimitris_vergos · ‎03-14-2016

Events within RSA enVision can output directly to a flat file by way of the “lsdata” command. Based on specific criteria passed with the lsdata command, events collected are presented in a syslog formatted log file.

Example: lsdata –events syslog –time start now >> log.unx

After that you can have these files be picked up by Splunk UF/HF and forward them to your Splunk index.

/D

Ayn · ‎09-30-2012

It seems that is an EnVision question, not a Splunk question.

yhamza · ‎05-15-2013

Yes, I'm in contact with Splunk Professional Services and they confirmed they can arrange to pull data from enVision.

Jjza · ‎11-30-2012

Yahmza, did you manage to find an answer to your question elsewhere? I am considering the use of Splunk within my environment and integration with EnVision would be key.

Ayn · ‎11-19-2012

No, and the question is not a Splunk question, therefore I'm just pointing out that you'd be better off asking the same question in en EnVision forum.

yhamza · ‎11-19-2012

This is not an answer.

RSA envision SIEM integration

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?