Downloading Reach Security App For Splunk
SHA256 checksum (reach-security-app-for-splunk_100.tgz) 0f683f6ca230d457cfb002176e238e5cf0f04494c00f258f2226948eca34332f
Reach Security App For Splunk

Splunk AppInspect Passed
Reach is Self-Driving security

The first software-based decision support system for security teams, built to continuously improve security posture
through the autonomous operation of the enterprise’s existing IT portfolio.

The Reach Security App for Splunk works with your existing Reach product deployment to gather the information required to make strategic decisions on how best to configure and operate the security products that are deployed in your network and logging data to Splunk.

Features:
* With a single click, implement searches and anonymize and export all the data required for Reach to process.

If you do not have an existing product deployment and would like to try Reach, email: Splunkapp at Reach dot security.

Reach Security App For Splunk

This is an app powered by the Splunk Add-on Builder

OVERVIEW

The Reach Security App For Splunk works with your Reach security products and can be instantly deployed on top of your Splunk implementation, allowing you to easily collect and share the information with Reach. The information collected enables Reach to help you and your team answer key strategic questions regarding risk in the organization and how best to configure and operate your current security investments to mitigate risk facing the organization.

Here is the functionality you can expect to find when using the Reach Security App For Splunk:
* Search, anonymize and export specific identity and security event logs from Splunk to Reach.
* Choose to download identity and security event logs from Splunk locally as a csv zip archive to be shared with the Reach product.

Prerequisites - Require data collected from the apps specified below:

RELEASE NOTES

  • Version 1.0.0
  • Welcome Dashboard
  • Configuration Screen
  • Export Dashboard
    • Allows the user to take actions to export necessary data and package it up for download and delivery to the Reach product (for triggering search and anonymize data). User can also download the anonymized zip file from the same screen.
  • Troubleshooting

RECOMMENDED SYSTEM CONFIGURATION

  • Splunk system should have 12 GB of RAM and a six-core CPU to run this application smoothly.

TOPOLOGY AND SETTING UP SPLUNK ENVIRONMENT

This application can be set up in two ways:

1) Standalone Mode: Install the App on a single machine. This single machine would serve as a Search Head + Indexer + Heavy forwarder for this setup
2) Distributed Environment: Install App on search head for executing the search functionality.

INSTALLATION

Follow the below-listed steps to install an Add-on from the bundle:

1) Download the App package.
2) From the UI navigate to Apps->Manage Apps.
3) In the top right corner select Install app from file.
4) Select Choose File and select the App package.
5) Select Upload and follow the prompts.
6) We recommend you restart Splunk. Once Splunk has been restarted you may enjoy your new app!
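
Before the package is uploaded in step 4, it can be checked against the SHA256 checksum shown on the download page, and its contents confirmed to unpack only into the app's own folder. The script below is an added example, not part of the app or its documentation: verify_pkg and sha256_of are hypothetical helper names, while the checksum, file name and folder name are the ones given on this page.

```shell
#!/bin/sh
# Added example: check a downloaded Splunk app package before uploading it.
# EXPECTED_SHA256 and APP_DIR are the values shown on this page.
EXPECTED_SHA256="0f683f6ca230d457cfb002176e238e5cf0f04494c00f258f2226948eca34332f"
APP_DIR="reach_security_app_for_splunk"

# Print the SHA-256 of a file using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_pkg FILE SHA256 APPDIR
# Returns 0 only if the digest matches and every archive member stays
# inside APPDIR/ (no absolute paths, no ".." components, no stray top-level
# entries that would land elsewhere under $SPLUNK_HOME/etc/apps).
verify_pkg() {
    pkg=$1; want=$2; dir=$3
    [ -f "$pkg" ] || { echo "missing file: $pkg" >&2; return 2; }
    got=$(sha256_of "$pkg")
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch: got $got" >&2
        return 1
    fi
    members=$(tar -tzf "$pkg") || { echo "unreadable archive" >&2; return 1; }
    bad=$(printf '%s\n' "$members" | awk -v d="$dir" '
        { p = $0; sub(/^\.\//, "", p) }
        p == "" { next }
        p ~ /^\// || p ~ /(^|\/)\.\.(\/|$)/ { print; next }
        p != d && p != d "/" && index(p, d "/") != 1 { print }')
    if [ -n "$bad" ]; then
        echo "unexpected archive members:" >&2
        printf '%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Usage:
#   verify_pkg reach-security-app-for-splunk_100.tgz "$EXPECTED_SHA256" "$APP_DIR"
```

A non-zero return means the file should not be uploaded: either it is not the package the download page describes, or it would write outside its own app folder.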

UPGRADE

Follow the below steps when upgrading from Reach Security App For Splunk

1) From the UI navigate to Apps->Manage Apps.
2) In the top right corner select Install app from file.
3) Select Choose File and select the App package.
4) Check the upgrade option.
5) Select Upload and follow the prompts.
6) Restart Splunk.

TROUBLESHOOTING

The configuration page is not loading

  • Check log file for possible errors/warnings: $SPLUNK_HOME/var/log/splunk/splunkd.log

Download button is not clickable on Export dashboard

  • Go to the Search tab, run the query index="_internal" source="*reach*" and check the results.
  • Verify that the filters configured during data collection are valid and that matching events exist on the platform.
  • Check that the data collection log file has been generated at $SPLUNK_HOME/var/log/splunk/reach_single_execution.log or $SPLUNK_HOME/var/log/splunk/reach_periodic_execution.log.
  • To get detailed logs, navigate to Reach Security App For Splunk in the Splunk UI, click Configuration and go to the Logging tab. Set the Log level to DEBUG.
  • Check the logs again. They will be more verbose and will give the user insight into search execution.

File name is not shown on the Export dashboard when using a load balancer

  • Click the Execute button to re-execute the search and create the csv zip file.

If the Splunk instance is behind a proxy, configure the proxy settings by navigating to Reach Security App For Splunk -> Configuration -> Proxy.

Performance issues and slow creation of csv zip files

  • If performance is a problem, reduce the number of fields listed in the two properties fields_to_anonymize and result_fields in the conf file (reach_security_app_for_splunk_settings.conf).
  • After reducing the number of fields, restart Splunk.

UNINSTALL APP

To uninstall the app, follow the steps below:

1) SSH to the Splunk instance.
2) Go to the apps folder ($SPLUNK_HOME/etc/apps).
3) Remove the reach_security_app_for_splunk folder from the apps directory.
4) Restart Splunk.

Copyright (C) 2020 Reach Security, Inc. All rights reserved.

Release Notes

Version 1.0.0
Dec. 25, 2020

To search, anonymize and export specific identity and security event logs from Splunk

7 Installs, 5 Downloads
AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
