Splunk

Integrating with Splunk with the SUSE® Security Splunk App

The SUSE® Security Splunk App can be found in the splunkbase catalog here or by searching for SUSE® Security.

The SUSE® Security Security dashboard helps to identify security events such as suspicious login attempts, network violations and vulnerable images.

Below are sample screens displayed in the Splunk app.

Image Vulnerabilities

vulnerabilities

Admission Control and Security Events

admission_security

Network Violations by Pod/Service (Deployments)

network

Egress Connection Summary

egress

SUSE® Security Login Activity Dashboard

logins

Setup and Configuration

Getting the app

GitHub

Download the latest app tarball (neuvector_app.tar.gz) from the neuvector/neuvector-splunk-app repository.

Splunkbase

Download the latest app tarball from Splunkbase.

Splunk Apps Browser

In the Splunk UI, click on the Apps dropdown, click "Find More Apps", then search for SUSE® Security Splunk App.

Installation and Setup

Install the app by either uploading the tarball or following the Splunkbase prompts.

Configure syslog in SUSE® Security console

Go to Settings → Configuration → Syslog

  1. set the server value as the IP address that Splunk is running

  2. choose TCP as the protocol

  3. set port number as 10514

  4. choose Info Level

  5. click SUBMIT to save the setting.

syslog

You can configure multiple clusters to send syslog to your splunk instance and your splunk instance will receive these syslogs in real time.

FAQs

What user role is required?

Any user role.