
Splunk and cascade

Open sulaimanbale opened this issue 5 years ago • 5 comments


May I know what app is? And how can I connect my Splunk server to Cascade?

sulaimanbale avatar Sep 25 '19 06:09 sulaimanbale

Hi @sulaimanbale,

In the cascade-server code that interacts with Splunk, the app parameter is passed into the Splunk Python SDK (see https://docs.splunk.com/DocumentationStatic/PythonSDK/1.1/client.html), where it is described as:

app (string) – The app context of the namespace (optional).

If your Splunk deployment doesn't require defining an app, then you can leave this blank.

unkempthenry avatar Oct 02 '19 01:10 unkempthenry

Hi, I have Sysmon set up in Splunk. How can I connect it to Cascade?

What do I fill in for the app configuration?

sulaimanbale11 avatar Oct 02 '19 03:10 sulaimanbale11

You can leave app configuration blank.

Cascade probably won't be able to see much from a default Splunk installation. I'm asking around to see if there's a released Splunk app / configuration that will work.

unkempthenry avatar Oct 16 '19 20:10 unkempthenry

Okay

sulaimanbale avatar Oct 17 '19 07:10 sulaimanbale

After doing so, how do I get Sysmon Splunk logs in Cascade?

sulaimanbale avatar Oct 17 '19 07:10 sulaimanbale