Skip Navigation
  1. BlackBerry Docs
  2. Cylance products
  3. CylancePROTECT Application for Splunk Administration Guide
  4. Installing and configuring the CylancePROTECT Application for Splunk
  5. Configuring the syslog data connection over SSL in Splunk
  6. Configure the syslog data connection over SSL for Windows Splunk

Configure the syslog data connection over SSL for
Windows
Splunk

  1. In the
    Cylance
     console, click
    Settings
     >
    Application
     and select the TLS/SSL box.
  2. From the
    Splunk
     server command line, using the script below, generate certificates.
    mkdir c:\progra~1\Splunk\etc\certs
C:\progra~1\Splunk\bin\splunk.exe cmd cmd.exe /c c:\progra~1\Splunk\bin
\genRootCA.bat -d c:\progra~1\Splunk\etc\certs
C:\progra~1\Splunk\bin\splunk.exe cmd python c:\progra~1\Splunk\bin
\genSignedServerCert.py -d c:\progra~1\Splunk\etc\certs -n splunk -c splunk -p
  3. In the C:\Program Files\Splunk\etc\apps\cylance_protect\local\inputs.conf file, modify the two sections below using the following attributes:
    [tcp-ssl://6514]
disabled = false
sourcetype = 
    <syslog_protect>
    
index = 
    <cylance_protect>
    
source = 
    <YourTenantNameHere>
    

    [SSL]
sslPassword = 
    <The password that was used in the genSignedServerCert command above>
    
requireClientCert = false
serverCert = c:\progra~1\Splunk\etc\certs\splunk.pem
  4. Using the script below, restart
    Splunk
     and verify the open port.
    c:\progra~1\Splunk\bin\splunk.exe restart
netstat -an | findstr :6514
If you want the
CylancePROTECT
 Application for
Splunk
 to receive threat data reports, see Configure threat data reporting