Getting started with installation and configuration

[This is for v4.0.x of the Recorded Future app for Splunk Enterprise.]

Downloading the app

The latest version of the Recorded Future app for Splunk Enterprise is available on Splunkbase.

Initial setup of the app

Once the app has been installed on the Splunk server, the initial setup of the app is done under Configuration->Global configuration.

The configuration view has three panes: Proxy, Logging and Add-on Settings.

To be able to see and configure API key, Proxy settings and API URL in the Splunk App, the user needs the capability 'list_storage_passwords'. To be able to change the logging level, the user needs the capability 'admin_all_objects'.

For the app to work, the API key must be configured in the Add-on Settings pane.

Proxy

If the Splunk server uses a proxy to access the Internet, this should be configured here. If no proxy is used, leave the Enabled checkbox unchecked.

Host and port must always be set. If the proxy requires authentication the username and password should be set here. If authentication is not used these fields should be left empty.

Logging

If additional logging is needed, the log level can be adjusted here.

The recommended log level is INFO.

The integration logs to the standard Splunk log directory ($SPLUNK_HOME/var/log/splunk). The following log files will be created (depending on app configuration and usage, not all of them may exist):

  • ta_recordedfuture_cyber_recorded_future_risk_list.log
  • ta_recordedfuture_cyber_recorded_future_alerts.log
  • ta_recordedfuture_cyber_rest.log

The events logged into these files can be viewed either as files on the Splunk server or via the Splunk GUI.

Example search:

index=_* source="/opt/splunk/var/log/splunk/ta_recordedfuture_cyber_recorded_future_alerts.log"

Add-on Settings

The Recorded Future API key required for the proper operation of the app is entered in the Api key field.

In some rare situations it may be necessary to change the URL of the Recorded Future API. If Recorded Future support instructs you to do so, the URL should be entered in the Recorded Future Api URL field.

Further help

Your Recorded Future Intelligence Services consultant would be happy to help you with additional questions and advice. If you do not know who that is, you can also contact support@recordedfuture.com.

Do not contact Splunk support about "Recorded Future for Splunk Enterprise".