To integrate StationGuard devices into a Splunk environment, OMICRON provides a preconfigured Splunk application, the OMICRON StationGuard for Splunk application (StationGuard app). The application can be installed and used on a Search Head or on a single-host installation of Splunk. It creates the proper Data Inputs, a SourceType and the Event types to be used for the StationGuard logs. The fields in the syslog events are parsed and used in the corresponding views. These fields are then mapped to the corresponding Splunk Common Information Model (CIM) for Intrusion Detection. To visualize data from StationGuard devices, a Dashboard is included in the StationGuard app.