Enable API calls to Lacework through custom search command and view vulnerability data through built-in dashboards.
| lacework target="/api/v1/..."
Splunk 8.2 version
- Re-do your setup from the setupage ("Manage Apps" -> "Lacework" -> "Set up") to ensure that the credentials are valid.
- Refresh the page to reload your dashboard.
- If this still does not work, please restart the
setupReload.sh script from "Settings" -> "Data Inputs" -> "Scripts" by toggling the Enable/Disable status buttons. This script will reload your setup configuration.
- Note: Dashboards may also take a while to load, so please give it up to a minute to load the data in.
A: You can either modify the file(s) directly as an admin, or use Splunk's endpoint and our EAI endpoint.
- For keyId and secret, please use Splunk's storage passwords endpoints to modify the passwords.conf file.
- For API domain, please use the
https://localhost:PORT/services/apiDomain/APIDomainHandler endpoint with the optional parameter of "domain" that updates the current domain to the given one. Make sure you pass in username and password as well for Authorization.
https://localhost:PORT/services/apiDomain/APIDomainHandler to get the current domain
https://localhost:PORT/services/apiDomain/APIDomainHandler?domain=exampleDomain to update the current domain to
A: "Settings" -> "Data Inputs" -> "Scripts" -> Find
setupReload.sh -> Click on the name -> Change fields from the "Source type" section.
Dashboard will now be reloaded every time a user modifies setup config through setup page
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.