Configure the SIEM Tool Plugin for Integration between Splunk and BeyondTrust Privileged Remote Access


You must purchase this integration separately from both your BeyondTrust Privileged Remote Access and Privileged Identity solutions. For more information, contact BeyondTrust sales.

In addition to the steps outlined in the BeyondTrust SIEM Tool Plugin Installation and Administration, the Splunk integration also supports consumption of syslog output directly from the BeyondTrust Appliance.

All of the steps in this section take place in the BeyondTrust /appliance administrative interface.

Splunk Instance

  1. Target SIEM System: Select Splunk from the list.
  2. SIEM Syslog Host: Enter the hostname or IP address of the Splunk instance that should receive messages.
  3. SIEM Syslog Port: Enter the port used by the Splunk instance to receive syslog messages, usually port 1514.
  4. SIEM Syslog Protocol: Select the appropriate protocol from the list, usually UDP.
  5. Events to Process: BeyondTrust session data may contain many different event types. All types are available; however, only a subset may be desired in the SIEM tool. Select only the events you would like sent to Splunk. Events matching unchecked event types are ignored.
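On the Splunk side, the listener that matches steps 2 through 4 is a network input on the same port and protocol. The `inputs.conf` stanzas below are an added example, not configuration taken from BeyondTrust or Splunk documentation; the index name `beyondtrust` and the sourcetype `beyondtrust:pra` are assumed placeholders, and the commented TCP stanza is the alternative for deployments that select TCP in step 4.

```ini
# Added example: Splunk inputs.conf on the receiving Splunk instance, e.g.
# $SPLUNK_HOME/etc/system/local/inputs.conf or an app's local/ directory.
# The port and protocol must match SIEM Syslog Port and SIEM Syslog Protocol
# configured on the BeyondTrust appliance (steps 3 and 4).
# Splunk conf files only allow full-line comments, so all notes sit on their own lines.

# UDP listener, matching the usual protocol selection in step 4.
[udp://1514]
# Record the sending appliance's IP address as the event host field.
connection_host = ip
# Assumed placeholder sourcetype; choose the one your field extractions expect.
sourcetype = beyondtrust:pra
# Assumed placeholder index; it must already exist on the indexer.
index = beyondtrust
# Keep the appliance's own syslog header rather than prepending Splunk's timestamp.
no_appending_timestamp = true

# TCP alternative: enable only if TCP is selected in step 4, and do not
# enable both stanzas on the same port.
#[tcp://1514]
#connection_host = ip
#sourcetype = beyondtrust:pra
#index = beyondtrust
```

After reloading inputs, confirm the listener is bound (for example with `splunk list udp` or `splunk list tcp`) before enabling event types in step 5, so that a mismatch in port or protocol is caught before events are silently dropped.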