How do I integrate with Splunk?
Introduction
The Splunk app lets a customer look up the number of vulnerabilities per severity for a network asset, identified by its IP address (IPv4 or IPv6), directly inside Splunk.
The lookup is performed against Holm Security VMP through its REST API, which returns the information about the asset. The app works with both SaaS and On-Premise installations of Holm Security VMP.
Example use case:
You want more context about a network asset and the security risk it carries. Run the app's search command in Splunk to enrich the asset with the vulnerability counts it has in Holm Security.
Severity levels:
- Critical
- High
- Medium
- Low
- Info
Prerequisites
This guide assumes that the Splunk app package (tar.gz) is available to the customer, and that the customer has the rights to install apps on their Splunk instance as well as to edit the files the app provisions inside the Splunk apps directory.
Install
Log in to Splunk and install the new app from the tar.gz file.
Configure
To configure the app, edit the configuration values in the app's bin/holm.py file:
- Go to Splunk\etc\apps\holm-security\bin
- Open holm.py for editing
- Replace xyz with your API token
- Replace ABC with your API host and port
- Save holm.py
Use The App
In the search field, enter: | holm asset_ip=x.x.x.x (where x.x.x.x is the IPv4 or IPv6 address of the asset)
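As an added illustration, not the app's own holm.py and not Holm Security's code, this hypothetical helper shows the two pieces of work the lookup above does on the Splunk side: validating the asset_ip argument as IPv4 or IPv6 before anything is sent to the API, and summing an asset's vulnerabilities into the five severity levels listed above. The response shape and the "severity" field name are assumptions, since the page does not document the VMP REST API format.

```python
import ipaddress
import json
from collections import Counter

# Severity levels used by the app, as listed on the page.
SEVERITIES = ("Critical", "High", "Medium", "Low", "Info")


def parse_asset_ip(arg: str) -> str:
    """Parse the 'asset_ip=<value>' search argument and return a normalized IP.

    Raises ValueError for a missing key or a value that is neither IPv4 nor
    IPv6, so a malformed argument never reaches the REST API call.
    """
    key, sep, value = arg.partition("=")
    if key.strip() != "asset_ip" or not sep:
        raise ValueError("expected asset_ip=<IPv4 or IPv6 address>")
    return str(ipaddress.ip_address(value.strip()))  # ValueError if invalid


def count_by_severity(vulnerabilities) -> dict:
    """Return {severity: count} for all five levels, zero-filled.

    Assumed input: a list of dicts each carrying a 'severity' key (the field
    name is an assumption; the real VMP response is not documented here).
    Unknown severity strings are dropped rather than silently counted as Info.
    """
    counts = Counter(v.get("severity", "").title() for v in vulnerabilities)
    return {s: counts.get(s, 0) for s in SEVERITIES}


def splunk_row(asset_ip: str, counts: dict) -> dict:
    """Shape one result row as Splunk shows it: one field per severity."""
    row = {"asset_ip": asset_ip}
    row.update({f"vuln_{s.lower()}": n for s, n in counts.items()})
    return row


# Constructed sample payload standing in for what the app fetches over the API.
SAMPLE_RESPONSE = json.loads("""
{"vulnerabilities": [
  {"name": "v1", "severity": "high"}, {"name": "v2", "severity": "HIGH"},
  {"name": "v3", "severity": "critical"}, {"name": "v4", "severity": "info"},
  {"name": "v5", "severity": "unknown"}
]}
""")

if __name__ == "__main__":
    ip = parse_asset_ip("asset_ip=192.0.2.10")
    print(splunk_row(ip, count_by_severity(SAMPLE_RESPONSE["vulnerabilities"])))
```

Because the configuration steps above place the API token in holm.py in plaintext, restrict read access to that file to the Splunk service account.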
Limitations
There is a UI for configuring the app, but it is not functional. Configure the app using the steps described above.
Note: The Splunk integration is also available at:
https://github.com/holmsecurity/api-examples/tree/master/integrations/splunk