The Clumio Audit Logs Ingester add-on lets Clumio customers pull Clumio's audit logs into Splunk in near real time. Clumio's software audit logs capture the events happening in your enterprise environment.
Clumio is a secure, backup-as-a-service for enterprises that eliminates the complexity of protecting data across all clouds. We protect Amazon EC2, EBS, RDS, Microsoft 365, VMware Cloud, and vSphere. In 2020, Clumio became the first data protection service to support private cloud, public cloud, and SaaS on a single platform, and the only backup as a service that addresses operational recovery, data recovery, and long-term data retention. We deliver robust data protection at a predictable cost.
Check this blog out for more information: https://clumio.com/say-hello-to-splunk-clumios-audit-logs-on-splunk/
After the Splunk add-on is installed, configure the input as shown in the figure below. The following settings are needed:
- Interval: How often the add-on fetches the next batch of audit logs from Clumio. Currently this must be every 5 minutes (300 seconds) or more.
- Index: The Splunk index into which the audit logs are written. This can be the main index or any custom index.
- Clumio API URL: The API URL, which can be found in the Clumio instance's REST API Reference, reached from the "Help" section (bottom left) of the home page.
- API key: The API token, generated under API tokens in the Settings section of the Clumio instance home page.
- Audit Logs Start (Days): The number of days to go back when fetching audit log data.
- Limit Records per call: The number of records returned per fetch of audit logs. The default is 10 records and the maximum is 100 records per fetch/call.
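The following is an added illustration, not the add-on's own code, of how the six settings above fit together: it validates each value against the limits the page states (interval of at least 300 seconds, 1 to 100 records per call), computes the look-back start time, and pages through the audit log results with the configured limit. The query parameter names (`limit`, `start`, `since`), the `clumio:audit` sourcetype and the `fetch_page` callable are assumptions for the example; the Clumio API itself is replaced by a constructed in-memory stand-in so the script runs offline.

```python
# Added illustration (not the add-on's own code): validate the input settings
# described above and page through audit records with the configured limit.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List

MIN_INTERVAL_SECONDS = 300   # the page requires 5 minutes (300 s) or more
DEFAULT_LIMIT = 10           # default records per call, per the page
MAX_LIMIT = 100              # maximum records per call, per the page


@dataclass(frozen=True)
class InputConfig:
    """One configured input, mirroring the fields listed above."""
    interval: int      # seconds between fetches
    index: str         # destination Splunk index
    api_url: str       # Clumio REST API base URL
    api_key: str       # API token (a secret: keep it out of logs and source control)
    start_days: int    # how many days back to fetch on the first run
    limit: int = DEFAULT_LIMIT


def validate_config(cfg: InputConfig) -> InputConfig:
    """Reject settings outside the ranges the add-on documents."""
    if cfg.interval < MIN_INTERVAL_SECONDS:
        raise ValueError(f"interval must be >= {MIN_INTERVAL_SECONDS} s")
    if not cfg.index:
        raise ValueError("index is required")
    if not cfg.api_url.startswith("https://"):
        # the API token travels with every request; refuse plaintext transport
        raise ValueError("api_url must use https")
    if not cfg.api_key:
        raise ValueError("api_key is required")
    if cfg.start_days < 0:
        raise ValueError("start_days must be >= 0")
    if not 1 <= cfg.limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    return cfg


def is_valid_config(cfg: InputConfig) -> bool:
    """Boolean form of validate_config, convenient for UI checks."""
    try:
        validate_config(cfg)
        return True
    except ValueError:
        return False


def start_time(cfg: InputConfig, now: datetime) -> datetime:
    """Earliest event time to request: now minus the configured look-back."""
    return now - timedelta(days=cfg.start_days)


# A page fetcher takes query parameters and returns {"items": [...]}.
# The parameter names "limit", "start" and "since" are assumptions for this
# illustration; consult the Clumio REST API Reference for the real ones.
PageFetcher = Callable[[Dict[str, object]], Dict[str, object]]


def fetch_audit_logs(cfg: InputConfig, since_iso: str, fetch_page: PageFetcher) -> List[dict]:
    """Walk the result set in pages of cfg.limit until a short page is returned."""
    records: List[dict] = []
    offset = 0
    while True:
        page = fetch_page({"limit": cfg.limit, "start": offset, "since": since_iso})
        items = list(page.get("items", []))
        records.extend(items)
        if len(items) < cfg.limit:
            break  # a short (or empty) page means the result set is exhausted
        offset += cfg.limit
    return records


def to_splunk_event(cfg: InputConfig, record: dict) -> dict:
    """Shape one audit record as an event payload for the configured index."""
    # "clumio:audit" is an assumed sourcetype name for this example
    return {"index": cfg.index, "sourcetype": "clumio:audit", "event": record}


def make_fake_api(total: int) -> PageFetcher:
    """Constructed stand-in for the Clumio API, serving `total` sample records."""
    sample = [{"id": f"evt-{i}", "action": "login"} for i in range(total)]

    def fetch_page(params: Dict[str, object]) -> Dict[str, object]:
        start, limit = int(params["start"]), int(params["limit"])
        return {"items": sample[start:start + limit]}

    return fetch_page


if __name__ == "__main__":
    cfg = validate_config(InputConfig(300, "main", "https://example.invalid", "token", 7, 10))
    since = start_time(cfg, datetime.now(timezone.utc)).isoformat()
    events = [to_splunk_event(cfg, r) for r in fetch_audit_logs(cfg, since, make_fake_api(23))]
    print(len(events), "events for index", cfg.index)
```

With 23 sample records and a limit of 10 the poller makes three calls (10, 10, 3) and stops on the short page; with the default limit of 10 a 7-day look-back on a busy tenant can mean many calls per interval, which is why raising the limit toward the maximum of 100 is usually preferable to shortening the interval.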