Configure the syslog data connection over SSL for Windows Splunk
- In the Cylance console, click Settings > Application and select the TLS/SSL box.
- From the Splunk server command line, using the script below, generate certificates.

      mkdir c:\progra~1\Splunk\etc\certs
      C:\progra~1\Splunk\bin\splunk.exe cmd cmd.exe /c c:\progra~1\Splunk\bin\genRootCA.bat -d c:\progra~1\Splunk\etc\certs
      C:\progra~1\Splunk\bin\splunk.exe cmd python c:\progra~1\Splunk\bin\genSignedServerCert.py -d c:\progra~1\Splunk\etc\certs -n splunk -c splunk -p

- In the C:\Program Files\Splunk\etc\apps\cylance_protect\local\inputs.conf file, modify the two sections below using the following attributes:

      [tcp-ssl://6514]
      disabled = false
      sourcetype = <syslog_protect>
      index = <cylance_protect>
      source = <YourTenantNameHere>

      [SSL]
      sslPassword = <The password that was used in the genSignedServerCert command above>
      requireClientCert = false
      serverCert = c:\progra~1\Splunk\etc\certs\splunk.pem

- Using the script below, restart Splunk and verify the open port.

      c:\progra~1\Splunk\bin\splunk.exe restart
      netstat -an | findstr :6514
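
The netstat check in the last step only shows that the port is listening. As an added example (not part of the original documentation), the PowerShell snippet below completes a TLS handshake against the listener and prints the negotiated protocol and the certificate it presents. It assumes it is run on the Splunk server itself and that `-c splunk` in the genSignedServerCert command set the certificate's common name.

```powershell
# Added example: TLS handshake check for the Splunk syslog listener.
# Assumptions: run on the Splunk server; values below match inputs.conf.
$TargetHost = 'localhost'   # assumption: the listener is on this machine
$Port       = 6514          # from the [tcp-ssl://6514] stanza
$ServerName = 'splunk'      # assumption: common name set by "-c splunk"

$script:policyErrors = $null
# Accept the certificate so it can be inspected, but record what Windows
# validation reported. Use this callback for diagnostics only.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $certificate, $chain, $errors)
    $script:policyErrors = $errors
    return $true
}

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($TargetHost, $Port)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    try {
        # requireClientCert = false, so no client certificate is sent.
        $ssl.AuthenticateAsClient($ServerName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Protocol     = $ssl.SslProtocol
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            Thumbprint   = $cert.Thumbprint
            PolicyErrors = $script:policyErrors
        } | Format-List
    }
    finally {
        $ssl.Dispose()
    }
}
catch {
    # A plain-text listener (tcp:// instead of tcp-ssl://) or a wrong
    # sslPassword typically surfaces here as a handshake failure.
    Write-Error "TLS handshake with ${TargetHost}:$Port failed: $($_.Exception.Message)"
}
finally {
    $client.Close()
}
```

Because the certificate is signed by the root CA generated in the earlier step rather than one in the Windows trust store, `PolicyErrors` is expected to report `RemoteCertificateChainErrors`; the handshake completing and the subject and expiry matching the generated certificate are the points to confirm.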
If you want the CylancePROTECT Application for Splunk to receive threat data reports, see Configure threat data reporting.