Skip Navigation
  1. BlackBerry Docs
  2. Cylance products
  3. CylancePROTECT Application for Splunk Administration Guide
  4. Installing and configuring the CylancePROTECT Application for Splunk
  5. Configuring the syslog data connection over SSL in Splunk
  6. Configure the syslog data connection over SSL for Linux Splunk

Configure the syslog data connection over SSL for
Linux
Splunk

  1. In the
    Cylance
     console, click
    Settings
     >
    Application
     and select the TLS/SSL box.
  2. From the
    Splunk
     server command line, using the script below, generate certificates.
    mkdir /opt/splunk/etc/certs
export OPENSSL_CONF=/opt/splunk/openssl/openssl.cnf
/opt/splunk/bin/genRootCA.sh -d /opt/splunk/etc/certs
/opt/splunk/bin/genSignedServerCert.sh -d /opt/splunk/etc/certs -n splunk -c
splunk -p
  3. In the $SPLUNK_HOME/etc/apps/cylance_protect/local/inputs.conf file, modify the two sections below using the following attributes:
    [tcp-ssl://6514]
disabled = false
sourcetype = syslog_protect
index = cylance_protect
source = 
    <YourTenantNameHere>
    

    [SSL]
serverCert = /opt/splunk/etc/certs/splunk.pem
sslPassword = 
    <The password that was used in the genSignedServerCert command above>
    
requireClientCert = false
  4. Using the script below, restart
    Splunk
     and verify the open port.
    $SPLUNK_HOME/bin/splunk restart splunkd
netstat -an | grep :6514
If you want the
CylancePROTECT
 Application for
Splunk
 to receive threat data reports, see Configure threat data reporting.