Fidelis Cybersecurity Add-on for Splunk will listen for Syslog messages from Fidelis Cybersecurity on specific port and index it into Splunk.
1) Add-on app, which listens for Syslog messages from Fidelis Cybersecurity.
2) Main app for visualizing Fidelis Cybersecurity data.
This App can be set up in two ways:
1) Standalone Mode: Install main app and Add-on app.
2) Distributed Environment: Install the main app and Add-on app on search head. Add-on app on forwarder and Indexer.
* Configure Add-on app on forwarder. * Main app on search head uses the received data and builds dashboards on it.
If you are using index different than "main", please change the index name into inputs.conf and macros.conf files. By default the app will ingest data into main index
After installation, go to the Apps->Manage Apps->Set up Technology Add-on for Fidelis Cybersecurity. New setup screen will open which will ask for Fidelis Cybersecurity Command post details. Provide Port to listen for Fidelis Alert traffic, Protocol, Command Post URL, Command Post Port Number, User Name and password for Fidelis Cybersecurity Command post and save them.
This app is compatible with CIM 4.x >=
The main app dashboard can take some time before the data is returned which will populate some of the panels. A good test to see that you are receiving all of the data we expect is to run this search after several minutes:
search `fidelis_get_xps_event` | stats count by sourcetype
In particular, you should see these sourcetypes:
If you don't see these sourcetypes, have a look at the log file $SPLUNK_HOME$/var/log/TA-Fidelis-Analytics/fidelis.log.
Corrected label on setup page.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.