Splunk

How do I integrate with Splunk?

Introduction

The Splunk App allows a customer to look up the number of vulnerabilities per severity for a network asset, identified by its IP address (IPv4 or IPv6), directly inside Splunk.

The lookup is done against Holm Security VMP using its REST API to retrieve information about the asset. The app works both for SaaS and On-Premise installations of Holm Security VMP.

Example use case:
To get more context about a network asset and understand the security risk it carries, use the search lookup command provided by this app to retrieve enhanced information about the asset from Holm Security.

Severity levels:

  • Critical
  • High
  • Medium
  • Low
  • Info

Prerequisites

This guide assumes that the Splunk app package (tar.gz) is available to the customer, that the customer can install apps on their Splunk instance, and that they can edit the files provisioned by the app inside the apps directory.

Install

Log in to Splunk and install the new app from the tar.gz file.

Configure

To configure the app, edit the configuration values inside bin/holm.py in the app directory.

  • Go to Splunk\etc\apps\holm-security\bin
  • Open holm.py for editing
  • Replace xyz with your API token
  • Replace ABC with your API host and port
  • Save holm.py

Use The App

In the search field, run: | holm asset_ip=x.x.x.x
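As an added illustration, not the app's own holm.py (whose contents this page does not show), the following Python sketches the pieces such a lookup command needs: a check that the xyz/ABC placeholders were actually replaced, IPv4/IPv6 validation of asset_ip, and the reduction of the returned vulnerabilities to one row of counts for the five severity levels. The endpoint path, the Authorization header format and the JSON response shape are assumptions, and the sample response is constructed.

```python
import ipaddress
import json
from collections import Counter
from urllib.request import Request, urlopen

# Placeholders as they appear in the configure steps; check_config refuses to run until replaced.
API_TOKEN = "xyz"
API_HOST = "ABC"  # API host + port, e.g. "vmp.example.com:443" (constructed value)

SEVERITIES = ("Critical", "High", "Medium", "Low", "Info")

# Constructed sample of what the REST API might return; the real response shape is an assumption.
SAMPLE_VULNS = [
    {"name": "vuln-a", "severity": "high"},
    {"name": "vuln-b", "severity": "critical"},
    {"name": "vuln-c", "severity": "high"},
    {"name": "vuln-d", "severity": "info"},
]
SAMPLE_RESPONSE = json.dumps({"ip": "10.0.0.5", "vulnerabilities": SAMPLE_VULNS})

def check_config(token=API_TOKEN, host=API_HOST):
    """Fail loudly if holm.py still carries the placeholder token or host."""
    if token == "xyz" or host == "ABC":
        raise ValueError("replace the xyz/ABC placeholders in holm.py before use")
    return True

def validate_ip(asset_ip):
    """Accept only IPv4/IPv6 literals, as the app expects; hostnames raise ValueError."""
    return str(ipaddress.ip_address(asset_ip.strip()))

def build_request(asset_ip, host, token):
    """Build the lookup request. Path and header name are assumptions, not Holm's documented API."""
    url = f"https://{host}/api/assets/lookup?ip={validate_ip(asset_ip)}"
    return Request(url, headers={"Authorization": f"Token {token}", "Accept": "application/json"})

def count_by_severity(vulns):
    """Reduce vulnerability records to one zero-filled row with a count per severity level."""
    counts = Counter(v.get("severity", "").capitalize() for v in vulns)
    return {sev.lower(): counts.get(sev, 0) for sev in SEVERITIES}

def lookup(asset_ip, host=API_HOST, token=API_TOKEN, fetch=None):
    """Return one Splunk-style result row for `| holm asset_ip=...`; `fetch` lets tests inject a response."""
    check_config(token, host)
    req = build_request(asset_ip, host, token)
    data = json.loads(fetch(req) if fetch else urlopen(req, timeout=10).read())
    row = {"asset_ip": validate_ip(asset_ip)}
    row.update(count_by_severity(data.get("vulnerabilities", [])))
    return row
```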

Limitations

There is a UI for configuring the app, but it is not functional. Configure the app using the steps described above.

Note: The Splunk integration is also available at this link:

https://github.com/holmsecurity/api-examples/tree/master/integrations/splunk