Configure the Splunk Integration App

The integration application is available in the Splunkbase. You must log in to your Splunk account to download the application.

Once the new application is installed, follow these steps in the app to configure it:

BeyondTrust Privileged Remote Support in Splunk Enterprise Apps

  1. In the list of Splunk Apps, click the new BeyondTrust Privileged Remote Access option.

 

Create New Input

  1. On the BeyondTrust Privileged Remote Access Inputs page, click Create New Input.

 

Add BeyondTrust PRA Reporting API - Session Events

  1. Enter the required input information:
    • Name: Desired unique input name.
    • Interval: Desired polling interval. A short polling interval can result in poor performance. At least 60 seconds is recommended.
    • Index: Must be beyondtrust_pra. Create this index if it does not already exist.
    • PRA Site hostname: Your Privileged Remote Access hostname. Do not include the protocol (https://) or other URL components. This value must be the hostname only. For example, support.example.com.
    • Client ID: Your previously configured Client ID.
    • Client Secret: Your previously configured Client Secret.
  2. Click Add.