Downloading Pulse Connect Secure Add-on for Splunk
SHA256 checksum (pulse-connect-secure-add-on-for-splunk_113.tgz) 35a7a2549dc8637850ea707f56b6afcfa487190076ba171e506a63746f812ef9
SHA256 checksum (pulse-connect-secure-add-on-for-splunk_112.tgz) 79164db6753faffa9a264ad1d3e3dc0b431c49b74a65e84a1cf06723cd51ea38
SHA256 checksum (pulse-connect-secure-add-on-for-splunk_111.tgz) 8d9a74c26abc3829535819fc71f9ccf04451f87aef8bcbce77d6b78b4821d483
SHA256 checksum (pulse-connect-secure-add-on-for-splunk_11.tgz) c160e1f6cc9716b53761baa776e863bca3a78042b444a2872562aa8115397364
SHA256 checksum (pulse-connect-secure-add-on-for-splunk_10.tgz) 76c4965e67c241e14b03321171c9fcad0832bf1bf55407363d8dbc8816cdcd21

Pulse Connect Secure Add-on for Splunk

This app is NOT supported by Splunk. Please read about what that means for you here.
Pulse Connect Secure Add-on for Splunk provides CIM compliant field extractions and data enrichment for your Pulse Connect Secure data.

Pulse Connect Secure® Add-on for Splunk®


Version 1.1.2

Release Notes

1.1.2: June 2019

- Corrected timestamp extraction
- Added field extraction for the header and priority fields, sent since Pulse Secure version 8.3R4

1.1.1: January 2019
- Adjusted sourcetype overriding logic by leaving line merging and timestamp extracting parameters in the initial sourcetype only
- Removed an unused transforms.conf entry

1.1: January 2018
- Fixed a sample file

1.0: January 2018
- Initial release

Install Pulse Connect Secure Add-on for Splunk:

Deploy Pulse Connect Secure Add-on for Splunk on your Splunk platform. For distributed environments, Pulse Connect Secure Add-on for Splunk needs to be deployed on the Search Head as well as on Indexer(s) or Heavy Forwarder(s) because it includes transform actions at index-time.

Collect syslog events from a Pulse Connect Secure appliance

To forward Pulse Connect Secure syslog data to a Splunk Indexer, Heavy Forwarder or syslog server using Splunk format, refer to the following knowledge base article: https://docs.pulsesecure.net/WebHelp/Content/PCS/PCS_AdminGuide_8.2/Configuring%20Syslog.htm

Among the available log formats, choose the Standard (default) format.

As data is transmitted via UDP only, it is recommended to send it to a syslog server such as rsyslog or syslog-ng, and then to forward it to a Splunk Indexer over TLS.

Index Pulse Connect Secure syslog data:

Whichever path is chosen, Pulse Connect Secure syslog data should be indexed under the sourcetype "pulse:connectsecure". Configure your Splunk receiving instance to accept Pulse Connect Secure / syslog server input.

A sample configuration is provided in the default directory of Pulse Connect Secure Add-on for Splunk:

[Recommended] When Pulse Connect Secure syslog data is forwarded from a syslog server over TLS:

[tcp-ssl:port]
sourcetype = pulse:connectsecure

[Not recommended] When syslog data is directly forwarded from the Pulse Connect Secure appliance or VM:

[udp://Pulse Connect Secure IP:514]
sourcetype = pulse:connectsecure

It can be used on your Splunk Indexer or Heavy Forwarder.

If needed, please refer to "Get data from TCP and UDP ports" on Splunk Docs.
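A check for the input guidance above, as an added example that is not part of the add-on: it parses inputs.conf text and flags network inputs that carry Pulse data over UDP or cleartext TCP, or under a sourcetype other than pulse:connectsecure. The sample stanzas, addresses and ports are constructed, and treating any sourcetype that begins with "pulse" as Pulse data is an assumption of this example.

```python
import re

EXPECTED = "pulse:connectsecure"   # sourcetype the page says Pulse data must be indexed under
STANZA = re.compile(r"^\[([^\]]+)\]\s*$")
# Splunk network input stanza prefixes -> transport label
TRANSPORTS = (("tcp-ssl:", "tcp-ssl"), ("udp://", "udp"), ("tcp://", "tcp"))

def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}; comments and blanks are skipped."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = STANZA.match(line)
        if m:
            current = stanzas.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def audit_inputs(text):
    """Return sorted (stanza, issue) pairs for network inputs that carry Pulse data."""
    findings = []
    for name, conf in parse_conf(text).items():
        kind = next((label for prefix, label in TRANSPORTS if name.startswith(prefix)), None)
        sourcetype = conf.get("sourcetype", "")
        # Assumption: a sourcetype starting with "pulse" marks the input as Pulse data.
        if kind is None or not sourcetype.lower().startswith("pulse"):
            continue  # not a network input, or not Pulse data
        if sourcetype != EXPECTED:
            findings.append((name, "wrong-sourcetype"))
        if kind != "tcp-ssl":
            findings.append((name, "cleartext-" + kind))
    return sorted(findings)

# Constructed sample inputs.conf (addresses and ports are illustrative).
SAMPLE = """\
[tcp-ssl:6514]
sourcetype = pulse:connectsecure
[udp://192.0.2.10:514]
sourcetype = pulse:connectsecure
[tcp://5140]
sourcetype = pulse_connectsecure
[monitor:///var/log/messages]
sourcetype = syslog
"""

if __name__ == "__main__":
    for stanza, issue in audit_inputs(SAMPLE):
        print(f"[{stanza}] {issue}")
```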

Log Samples:

Do not hesitate to check provided log samples to make sure your indexed data matches data used to build this Add-on.

Sourcetypes:

Besides indexing events under the dedicated sourcetype pulse:connectsecure, Pulse Connect Secure Add-on for Splunk will index Web requests under the sourcetype pulse:connectsecure:web.

CIM Tags:

  • Network Traffic
  • Network Sessions
  • Web
  • Change Analysis
  • Authentication

For any help on this App, contact splunk-(at)-nomios.fr

Release Notes

Version 1.1.3
April 10, 2020

Version 1.1.2
June 5, 2019

- Corrected timestamp extraction
- Added field extraction for the header and priority fields, sent since Pulse Secure version 8.3R4

Version 1.1.1
Jan. 22, 2019

- Adjusted sourcetype overriding logic by leaving line merging and timestamp extracting parameters in the initial sourcetype only
- Removed an unused transforms.conf entry

Version 1.1
Jan. 18, 2018

- Fixed a sample file

Version 1.0
Jan. 11, 2018

- Initial release

Installs: 2,716
Downloads: 3,576