Installation and Setup: Getting Started
[This is for v4.0.x of the Recorded Future App for Splunk Enterprise]
Download the app
The latest version of the Recorded Future app for Splunk Enterprise is available on Splunkbase.
Initial app configuration
Once the app has been installed on the Splunk server, the initial setup of the app is done under Configuration->Global configuration.
The Configuration view has three panes: Proxy, Logging, and Add-on Settings.
To be able to see and configure API key, Proxy settings and API URL in the Splunk App, the user needs the capability 'list_storage_passwords'. To be able to change the logging level, the user needs the capability 'admin_all_objects'.
For the app to work, the API key must be set in the Add-on Settings pane.
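As an added example (not part of the original Recorded Future documentation), the two capabilities named above can be granted through separate Splunk roles in authorize.conf, so that users who only manage the API key and proxy settings do not also receive 'admin_all_objects'. The role names are hypothetical.

```ini
# $SPLUNK_HOME/etc/system/local/authorize.conf
# Role names below are hypothetical; the capability names are the ones
# this page lists as required by the app.

# Can see and configure API key, Proxy settings and API URL.
[role_rf_app_config]
importRoles = user
list_storage_passwords = enabled

# Can additionally change the app's logging level.
[role_rf_app_logging_admin]
importRoles = rf_app_config
admin_all_objects = enabled
```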
Proxy
If the Splunk server uses a proxy to access the Internet this should be configured here. If no proxy is used leave the Enabled checkbox unchecked.
Host and port must always be set. If the proxy requires authentication the username and password should be set here. If authentication is not used these fields should be left empty.
Logging
If additional logging is needed, the log level can be adjusted here.
The recommended log level is INFO.
The integration logs to the standard Splunk log directory ($SPLUNK_HOME/var/log/splunk). The following log files will be created (depending on app configuration and usage, not all of them may exist):
- ta_recordedfuture_cyber_recorded_future_risk_list.log
- ta_recordedfuture_cyber_recorded_future_alerts.log
- ta_recordedfuture_cyber_rest.log
The events logged into these files can be viewed either as files on the Splunk server or via the Splunk GUI.
Example search:
index=_* source="/opt/splunk/var/log/splunk/ta_recordedfuture_cyber_recorded_future_alerts.log"
Add-on Settings
The Recorded Future API key required for the proper operation of the app is entered in the Api key field.
In some rare situations it may be necessary to change the URL to the Recorded Future API. If Recorded Future support instructs you to do so, the URL should be entered in the Recorded Future Api URL field.
Further help
Your Recorded Future Intelligence Services consultant would be happy to help you with additional questions and advice. If you do not know who that is, you can also contact support@recordedfuture.com.
Please do not contact Splunk support about "Recorded Future for Splunk Enterprise".