The Valtix App for Splunk enables Splunk Enterprise to ingest, analyze and correlate security and flow logs collected from the Valtix Cloud Firewalls. The firewalls are deployed into AWS and Azure environments, and the data they collect provides a consolidated view of security events and app-to-app communications across multi-cloud environments.
Key insights provided by the Valtix App for Splunk include:
- Threat events detected by WAF, IPS and firewall inspection, in both decrypted (HTTPS) and cleartext app-to-app communications.
- Threat event reporting that isolates threat events to specific AWS/Azure regions, VPCs/VNets, hosts and applications.
- Searchable, aggregated flow logs ingested from across multi-cloud environments.
The configuration is performed from the user interface of the Valtix Cloud Controller.
Once the log forwarder for Splunk is added to the Valtix configuration, every security policy that is configured to log will forward the flow and threat logs that match it.
1) Under the ‘Manage’ menu, choose the ‘Log Forwarding’ option to create a log forwarder task.
2) Click ‘Create’ and fill in the required fields:
   Profile Name: Create a unique name for the object
   Endpoint: URL of the Splunk log collector: https://input-<host>:<port>/<endpoint>
   Token: API token used by the Valtix Cloud Controller to insert logs into the Splunk collector
See the Splunk docs for reference: https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/RESTUM/RESTusing
3) Verify that logs are being ingested in your Splunk server. Search for logs associated with the hostname of the Valtix Controller.
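A pre-flight check for the Endpoint and Token values from step 2, as an added example that is not part of the Valtix or Splunk documentation. It assumes the collector is a Splunk HTTP Event Collector (the page does not name the input type), so the `Authorization: Splunk <token>` header, the function names and the event body are assumptions; the test event carries the controller hostname so that the search in step 3 finds it.

```python
import json
import urllib.request
from urllib.parse import urlsplit


def check_endpoint(url):
    """Return a list of problems with the Endpoint value; an empty list means usable."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme must be https, or the token crosses the network in the clear")
    if not parts.hostname:
        problems.append("missing host")
    if parts.username or parts.password:
        problems.append("credentials embedded in the URL; the token belongs in its own field")
    try:
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        problems.append("port is not a valid number")
    if not parts.path.strip("/"):
        problems.append("missing endpoint path")
    return problems


def build_test_event(url, token, controller_host):
    """Build (without sending) a one-event HEC request tagged with the controller hostname."""
    problems = check_endpoint(url)
    if problems:
        raise ValueError("; ".join(problems))
    if not token.strip():
        raise ValueError("empty token")
    body = json.dumps({
        "host": controller_host,  # step 3 searches on this hostname
        "event": {"message": "log forwarder connectivity test"},
    }).encode("utf-8")
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": "Splunk " + token.strip(),  # HEC token scheme (assumed)
        "Content-Type": "application/json",
    })


def send(request, timeout=10):
    """Send the request with certificate verification on; return (status, parsed body)."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status, json.load(resp)
```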