Complimentary 90-day, on-prem license available for entities involved in Covid19 response.
SUPPORT

24/5 Hotline Support Service

+44 (0)20 3588 3841

Open a Support Ticket

support@netsparker.com

Integrating Netsparker Enterprise with Splunk

Splunk is a Security Information and Event Management (SIEM) software that is used to read and store machine-generated data. Splunk aims to collect data like operating system logs, antivirus events, etc in a single central location to generate graphs, reports, alerts. Integrating with Splunk helps you to increase information security so that you can collect identified issues or vulnerabilities

There are four stages:

Netsparker Enterprise Add-on is only available for Splunk Enterprise. It will be available for Splunk Cloud soon.

How to Install Splunk

  1. First, locate the Netsparker Enterprise add-on in Splunkbase: https://splunkbase.splunk.com/app/4825/.
  2. Follow these instructions to install the add-on: https://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons.
  3. Once the Netsparker Enterprise add-on is installed, it should be configured to collect issues from the Netsparker Enterprise API (see How to Configure Add-on Settings). The add-on can collect data from both On-demand and On-premise editions of Netsparker Enterprise.

How to Configure Add-on Settings

Add-on settings must be configured in order to authenticate the API.

  1. In Splunk, navigate to Netsparker Enterprise Add-On, then Configuration.
  2. Click the Add-on Settings tab.

  1. Complete the Base URL, User ID and Token fields. (The Base URL is the Netsparker Enterprise URL.)
User ID and Token values can be found at https://www.netsparkercloud.com//account/apisettings/.
  1. Click Save.

How To Configure Input

  1. In Splunk, navigate to the Netsparker Enterprise Add-On, then Inputs.

 

  1. To edit an existing Input, in the Actions column, click the Action dropdown, then Edit link. (Alternatively, to create a new Input, click Create New Input.) The Update Vulnerability dialog is displayed.

  1. The Date Format should be equal to the value defined in the Change Account Settings window in Netsparker Enterprise.
  2. In splunk, the Website Group and Website fields are optional. (These values can be found in the Website Groups window in Netsparker Enterprise.)

  1. Click Update (or Add).

How To Search Vulnerabilities

Once the Add-on Settings and Input have been configured, Splunk starts to import data from the Netsparker Enterprise API.

  1. In Splunk, navigate to the Netsparker Enterprise Add-on, then click the Search tab to view the imported data.

  1. Click Data Summary. The Data Summary dialog is displayed.

  1. Click the Hosts, Sources or SourceTypes tab to display issues.

Tweet
Share
Share

TOP ARTICLES

CATEGORIES

Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO

RESOURCES

USE CASES

WEB SECURITY

COMPANY

Netsparker Ltd

  • 220 Industrial Blvd Ste 102
    Austin, TX 78745
Copyright © 2020 Netsparker Ltd. All rights reserved.
Privacy Policy | Data Protection Policy | Sitemap