Splunk and cascade #5

Open
sulaimanbale opened this issue Sep 25, 2019 · 5 comments

@sulaimanbale

image

May I know what app is? And how can I connect my Splunk server to Cascade?

@unkempthenry
Contributor

unkempthenry commented Oct 2, 2019

Hi @sulaimanbale,

In the cascade-server code that interacts with Splunk, the app parameter is passed into the Splunk Python SDK (see https://docs.splunk.com/DocumentationStatic/PythonSDK/1.1/client.html), where it is described as:

app (string) – The app context of the namespace (optional).

If your Splunk deployment doesn't require defining an app, then you can leave this blank.

@sulaimanbale11

Hi, I have Sysmon set up in Splunk. How can I connect it to Cascade?

What do I fill in for the app configuration?

@unkempthenry
Contributor

You can leave app configuration blank.

Cascade probably won't be able to see much from a default Splunk installation. I'm asking around to see if there's a released Splunk app / configuration that will work.

@sulaimanbale
Author

Okay

@sulaimanbale
Author

After doing so, how do I get Sysmon Splunk logs in Cascade?
