You are currently reviewing an older revision of this page.

Splunk Add on for Sophos Central

Steps to generate SPL file:

  • Install Splunk in your local machine
  • Download the Sophos Central Add-on from Splunkbase
  • Copy TA-sophos-central-addon-for-splunk directory to splunk/etc/apps/ directory
  • Restart Splunk.
  • After installing the Splunk, Switch to /splunk/bin directory
  • By following command user can generate SPL file :
    • MAC/Linux: ./splunk package app your_app_name (TA-sophos-central-addon-for-splunk)
    • Windows: splunk package app your_app_name (TA-sophos-central-addon-for-splunk)
  • User will get location of spl like this:
  • User can install add-on with this SPL file into Splunk

Authentication:

  • Authentication uses a Client ID and Secret pair from a Tenant or Enterprise admin account.
    • If using an enterprise admin account, this will authenticate to all managed tenants this account has permissions for
      • See here for instructions on authentication for an Enterprise Admin
      • See here for instructions on authentication for a Tenant

 

Unfiltered HTML