Integrating Netsparker Enterprise with Splunk
Splunk is Security Information and Event Management (SIEM) software that is used to read and store machine-generated data. Splunk aims to collect data such as operating system logs and antivirus events in a single central location in order to generate graphs, reports, and alerts. Integrating with Splunk helps you increase information security by collecting identified issues or vulnerabilities.
There are four stages:
- How to Install Splunk
- How to Configure Add-on Settings
- How to Configure Input
- How to Search Vulnerabilities
Netsparker Enterprise Add-on is only available for Splunk Enterprise. It will be available for Splunk Cloud soon.
How to Install Splunk
- First, locate the Netsparker Enterprise add-on in Splunkbase: https://splunkbase.splunk.com/app/4825/.
- Follow these instructions to install the add-on: https://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons.
- Once the Netsparker Enterprise add-on is installed, it should be configured to collect issues from the Netsparker Enterprise API (see How to Configure Add-on Settings). The add-on can collect data from both On-demand and On-premise editions of Netsparker Enterprise.
How to Configure Add-on Settings
Add-on settings must be configured so that the add-on can authenticate to the Netsparker Enterprise API.
- In Splunk, navigate to Netsparker Enterprise Add-On, then Configuration.
- Click the Add-on Settings tab.
- Complete the Base URL, User ID and Token fields. (The Base URL is the Netsparker Enterprise URL.)
User ID and Token values can be found at https://www.netsparkercloud.com//account/apisettings/.
- Click Save.
How to Configure Input
- In Splunk, navigate to the Netsparker Enterprise Add-On, then Inputs.
- To edit an existing Input, in the Actions column, click the Action dropdown, then the Edit link. (Alternatively, to create a new Input, click Create New Input.) The Update Vulnerability dialog is displayed.
- The Date Format should match the value defined in the Change Account Settings window in Netsparker Enterprise.
- In Splunk, the Website Group and Website fields are optional. (These values can be found in the Website Groups window in Netsparker Enterprise.)
- Click Update (or Add).
How to Search Vulnerabilities
Once the Add-on Settings and Input have been configured, Splunk starts to import data from the Netsparker Enterprise API.
- In Splunk, navigate to the Netsparker Enterprise Add-on, then click the Search tab to view the imported data.
- Click Data Summary. The Data Summary dialog is displayed.
- Click the Hosts, Sources or SourceTypes tab to display issues.