Install and Configure: Getting Started
[This applies to v4.0.x of the Recorded Future app for Splunk Enterprise]
Download the app
The latest version of the Recorded Future app for Splunk Enterprise is available on Splunkbase.
Initial setup of the app
Once the app has been installed on the Splunk server, the initial setup of the app is done under Configuration->Global configuration.
The configuration view has three sections: Proxy, Logging and Add-on Settings.
To be able to see and configure API key, Proxy settings and API URL in the Splunk App, the user needs the capability 'list_storage_passwords'. To be able to change the logging level, the user needs the capability 'admin_all_objects'.
The API key must be configured in the Add-on Settings section for the app to work.
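To check which Splunk roles hold the two capabilities named above, the following added example (not part of the Recorded Future documentation or app) resolves importRoles inheritance in an authorize.conf and reports the roles that effectively hold 'list_storage_passwords' or 'admin_all_objects'. The sample file and the rf_* role names are constructed for illustration; roles defined in other configuration files are not resolved.

```python
import configparser

# Capabilities named on this page and what they unlock in the app.
APP_CAPABILITIES = {
    "list_storage_passwords": "see/configure API key, proxy settings, API URL",
    "admin_all_objects": "change the logging level",
}

# Constructed sample authorize.conf; the rf_* role names are hypothetical.
SAMPLE_AUTHORIZE_CONF = """
[role_rf_viewer]
importRoles = user
[role_rf_configurator]
importRoles = rf_viewer
list_storage_passwords = enabled
[role_rf_admin]
importRoles = rf_configurator
admin_all_objects = enabled
"""

def parse_roles(conf_text):
    """Return {role: (directly enabled capabilities, imported roles)}."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case (importRoles)
    parser.read_string(conf_text)
    roles = {}
    for section in parser.sections():
        if section.startswith("role_"):
            items = dict(parser.items(section))
            imports = [r.strip() for r in items.pop("importRoles", "").split(";") if r.strip()]
            enabled = {k for k, v in items.items() if v.strip().lower() == "enabled"}
            roles[section[len("role_"):]] = (enabled, imports)
    return roles

def effective_capabilities(role, roles, seen=None):
    """Own capabilities plus those inherited through importRoles."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:  # import cycle, or role defined in another file
        return set()
    seen.add(role)
    enabled, imports = roles[role]
    for parent in imports:
        enabled = enabled | effective_capabilities(parent, roles, seen)
    return enabled

def audit(conf_text):
    """Map each role to the page's capabilities it effectively holds."""
    roles = parse_roles(conf_text)
    return {r: sorted(effective_capabilities(r, roles) & set(APP_CAPABILITIES)) for r in roles}
```

Calling audit() on the text of an authorize.conf returns, per role, which of the two capabilities that role effectively holds, including those it only inherits.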
Proxy
If the Splunk server uses a proxy to access the Internet, this should be configured here. If no proxy is used, leave the Enabled checkbox unchecked.
Host and port must always be set. If the proxy requires authentication, the username and password should be set here. If authentication is not used, these fields should be left empty.
Logging
If additional logging is required, the log level can be adjusted here.
The recommended log level is INFO.
The integration logs to the standard Splunk log directory ($SPLUNK_HOME/var/log/splunk). The following log files will be created (depending on app configuration and usage, not all of them may exist):
- ta_recordedfuture_cyber_recorded_future_risk_list.log
- ta_recordedfuture_cyber_recorded_future_alerts.log
- ta_recordedfuture_cyber_rest.log
The events logged to these files can be viewed either as files on the Splunk server or via the Splunk GUI.
Example search:
index=_* source="/opt/splunk/var/log/splunk/ta_recordedfuture_cyber_recorded_future_alerts.log"
Add-on Settings
The Recorded Future API key required for the proper operation of the app is entered in the Api key field.
In some rare situations it may be necessary to change the URL of the Recorded Future API. If Recorded Future support instructs you to do so, the URL should be entered in the Recorded Future Api URL field.
Further help
Your Recorded Future Intelligence Services consultant would be happy to help you with additional questions and advice. If you do not know who that is, you can also contact support@recordedfuture.com.
Please do not contact Splunk support regarding "Recorded Future for Splunk Enterprise".