
Splunk application for BloxOne Threat Defense - help!

New Member
Posts: 2

Hi! I am trying to get the Splunk app, https://splunkbase.splunk.com/app/3850, working in a lab. I have installed Splunk (Free version) 7.2 (also tested 7.3) on a Windows 10 machine. But my dashboard is not populated.

 

I have tried with curl to the API, and it works fine:

curl -k -i -H "Authorization: Token <token>" "https://csp.infoblox.com/api/dnsdata/v1/dns_event?source=category&t0=1562609321&t1=1562617900&_format=cef" -s

I have followed the instructions for the app, even reinstalled Splunk in a different version, as well as multiple restarts of the Splunk app. I have never worked with Splunk before, so I am a bit lost.


This is what the Infoblox Input config looks like

 

[Screenshot: ib1.PNG]


What am I doing wrong? Any tips? The reason I want to try the dashboard is that BloxOne doesn't have any reporting functions, which I need, since we don't have a SIEM.

Re: Splunk application for BloxOne Threat Defense - help!

Adviser
Posts: 109

Re: Splunk application for BloxOne Threat Defense - help!

New Member
Posts: 2

Hi! No, I can't find any error messages at all.
