Integrations are the main mechanism for handling alerts outside the product. They are configured in the Admin Panel. By default, alerts can be sent to a Syslog server or SIEM that accepts Common Event Format (CEF) messages delivered over Syslog. Native integrations also exist for sending analyzed data to the Splunk™ and Elastic™ log platforms.
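Before pointing alerts at a SIEM it is worth confirming that the receiver actually parses CEF correctly, in particular the two escaping rules that trip up hand-written parsers: `\|` and `\\` inside the pipe-delimited header, and `\=`, `\\`, `\n`, `\r` inside extension values. The parser below is an added example written for this page, not Infocyte code, and the sample line is constructed: the vendor, product, signature ID and extension fields are placeholders chosen to exercise the escapes, not the fields Infocyte actually emits.

```python
import re

# RFC 3164-style syslog prefix: "<PRI>" followed by the rest of the message.
_PRI_RE = re.compile(r'^<(?P<pri>\d{1,3})>(?P<rest>.*)$', re.DOTALL)
# An extension key is a run of word characters followed by "=", at the start of
# the extension or after whitespace. Values may contain spaces, so we locate the
# keys and take everything between one key and the next as the value.
_KEY_RE = re.compile(r'(?:^|\s)(\w+)=')
_HEADER_NAMES = ('version', 'device_vendor', 'device_product', 'device_version',
                 'signature_id', 'name', 'severity')


def _unescape_ext(value):
    # CEF extension values escape backslash, "=" and line breaks; other
    # backslash sequences are left untouched rather than silently altered.
    return re.sub(r'\\([\\=nr])',
                  lambda m: {'n': '\n', 'r': '\r'}.get(m.group(1), m.group(1)),
                  value)


def parse_cef(line):
    """Parse one syslog line carrying a CEF message into a dict."""
    pri = None
    m = _PRI_RE.match(line)
    if m:
        pri = int(m.group('pri'))
        line = m.group('rest')
    start = line.find('CEF:')
    if start < 0:
        raise ValueError('no CEF: prefix found')
    body = line[start + len('CEF:'):]

    # Header: seven "|"-separated fields; only "\|" and "\\" are escapes here.
    header, buf, i = [], [], 0
    while i < len(body) and len(header) < 7:
        c = body[i]
        if c == '\\' and i + 1 < len(body) and body[i + 1] in '|\\':
            buf.append(body[i + 1])
            i += 2
        elif c == '|':
            header.append(''.join(buf))
            buf = []
            i += 1
        else:
            buf.append(c)
            i += 1
    if len(header) == 6 and buf:      # severity present but no trailing "|"
        header.append(''.join(buf))
        i = len(body)
    if len(header) != 7:
        raise ValueError('CEF header must have 7 fields, got %d' % len(header))
    extension_raw = body[i:]

    # Extension: key=value pairs where a value runs until the next key.
    extension = {}
    keys = list(_KEY_RE.finditer(extension_raw))
    for n, k in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(extension_raw)
        extension[k.group(1)] = _unescape_ext(extension_raw[k.end():end])

    event = dict(zip(_HEADER_NAMES, header))
    event['extension'] = extension
    if pri is not None:
        event['syslog_facility'] = pri // 8   # 134 -> 16 (local0)
        event['syslog_severity'] = pri % 8    # 134 -> 6 (informational)
    return event


# Constructed sample line. Vendor, product, IDs and fields are placeholders
# chosen to exercise header and extension escaping; they are not the real
# schema of any product.
SAMPLE_LINE = (r'<134>Jun 12 10:15:22 hunt01 CEF:0|ExampleVendor|ExampleProduct|1.0|100'
               r'|Flagged\|Suspicious|8|src=10.0.0.5 shost=WS-042 '
               r'fname=C:\\Users\\bob\\run.exe msg=hash a\=b cs1Label=Score cs1=9.7')

if __name__ == '__main__':
    import json
    print(json.dumps(parse_cef(SAMPLE_LINE), indent=2))
```

If your SIEM's parser splits the header on every `|` or the extension on every `=`, the `name` field above comes out truncated and `msg` gains a bogus key; running a line like this through the receiver before enabling the integration shows whether that is the case.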
Syslog / SIEM: Allows some or all alerts to be sent to your Syslog tools.
Splunk™: Allows some or all alerts to be sent to Splunk for additional actions.
Infocyte provides an app on Splunkbase. The app creates an index and an HTTP Event Collector (HEC) token, but the collector itself must be enabled manually.
- Download the app from Splunkbase (https://splunkbase.splunk.com/app/3695/)
- In Splunk, go to Settings > Data Inputs > HTTP Event Collector
- Click Global Settings and set All Tokens to Enabled
- Note the HTTP port number shown in Global Settings (default 8088) and whether Enable SSL is checked, since that decides between http and https in the URL below
- Note the value of the token created by the app
- Go to Infocyte
- Go to Account > Admin > Integrations
- Click Splunk > Add Splunk integration
- Enter the Splunk URL, the HEC port (default 8088), and the token
- Configure the data you want to be sent to Splunk
- Run a scan on a host to verify that data is being sent to Splunk
- Check the Infocyte app dashboard in Splunk for the scan results.
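When the dashboard stays empty it is useful to separate a Splunk-side problem (collector disabled, wrong port, TLS mismatch, bad token) from an Infocyte-side one by posting a single test event to the HEC endpoint yourself. The script below is an added example for this page, not Infocyte or Splunk code. It assumes the standard HEC JSON endpoint `/services/collector/event` with the `Authorization: Splunk <token>` header; the hostname, port, token and index values in the usage are placeholders.

```python
import json
import ssl
import sys
import urllib.error
import urllib.request


def build_hec_request(base_url, token, event, sourcetype='cef', index=None,
                      source='hec-connectivity-test'):
    """Build the URL, headers and JSON body for one HEC event submission."""
    url = base_url.rstrip('/') + '/services/collector/event'
    payload = {'event': event, 'sourcetype': sourcetype, 'source': source}
    if index:
        payload['index'] = index   # must be an index the token is allowed to write to
    headers = {'Authorization': 'Splunk ' + token,
               'Content-Type': 'application/json'}
    return {'url': url, 'headers': headers, 'body': json.dumps(payload).encode()}


def hec_accepted(status, body_bytes):
    """Interpret a HEC reply: HTTP 200 with {"text":"Success","code":0} is success.
    Returns (accepted, text); the text is Splunk's own explanation on failure."""
    try:
        doc = json.loads(body_bytes)
    except ValueError:
        return False, 'non-JSON response (wrong port or not a HEC endpoint?)'
    return (status == 200 and doc.get('code') == 0), doc.get('text', '')


def send_test_event(base_url, token, index=None, verify_tls=True, timeout=10):
    """POST one marker event and report whether HEC accepted it."""
    req = build_hec_request(base_url, token,
                            {'message': 'HEC connectivity test', 'test': True},
                            index=index)
    ctx = None
    if not verify_tls:
        # Lab use only: Splunk ships a self-signed HEC certificate by default.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    r = urllib.request.Request(req['url'], data=req['body'],
                               headers=req['headers'], method='POST')
    try:
        with urllib.request.urlopen(r, timeout=timeout, context=ctx) as resp:
            return hec_accepted(resp.status, resp.read())
    except urllib.error.HTTPError as e:
        # HEC returns 4xx with a JSON body that names the problem (e.g. bad token).
        return hec_accepted(e.code, e.read())


if __name__ == '__main__':
    # Usage (placeholder values):
    #   python hec_test.py https://splunk.example.com:8088 <token> [index]
    if len(sys.argv) < 3:
        sys.exit('usage: hec_test.py <base_url> <token> [index]')
    idx = sys.argv[3] if len(sys.argv) > 3 else None
    ok, text = send_test_event(sys.argv[1], sys.argv[2], index=idx, verify_tls=False)
    print('accepted' if ok else 'rejected', '-', text)
```

If this succeeds, search `index=<your index> source=hec-connectivity-test` in Splunk to confirm the event landed; if it fails, the `text` field tells you whether the token, index or collector state is the problem before you touch the Infocyte side.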
Elastic™: Allows some or all alerts to be sent to Elastic for additional actions.
For additional information, or assistance configuring integrations, please contact Support@Infocyte.Com