Configure the SIEM Tool Plugin for Integration between Splunk and BeyondTrust Remote Support
You must purchase this integration separately from both your BeyondTrust software and your Splunk solution. For more information, contact BeyondTrust sales.
To begin configuration, launch the Middleware Administration Tool and click the clipboard icon next to the plugin name.
Secure Remote Access Appliance
The first portion of plugin configuration provides the necessary settings for communication between the plugin and the Secure Remote Access Appliance. These fields are described in the BeyondTrust SIEM Tool Plugin Installation and Administration guide.
- Target SIEM System: Select Splunk from the list.
- SIEM Syslog Host: Enter the hostname or IP address of the Splunk instance that should receive messages.
- SIEM Syslog Port: Enter the port used by the Splunk instance to receive syslog messages, usually port 1514.
- SIEM Syslog Protocol: Select the appropriate protocol from the list, usually UDP.
- Events to Process: BeyondTrust session data may contain many different event types. All types are available; however, only a subset may be desired in the SIEM tool. Select only the events you would like sent to Splunk. Events matching unchecked event types are ignored.
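To confirm that the SIEM Syslog Host, Port, and Protocol values above actually reach a listener before relying on the plugin, the following added example (not BeyondTrust or Splunk code) sends one constructed syslog test line and includes a loopback round trip to show the check working. The hostname `bt-middleware`, the tag `siem-preflight`, and the message format are assumptions for illustration and are not the plugin's own event format.

```python
import socket
from datetime import datetime


def build_syslog(msg, host="bt-middleware", tag="siem-preflight",
                 facility=16, severity=6):
    """Build an RFC 3164-style line. PRI = facility * 8 + severity,
    so local0 (16) at info (6) gives <134>. Host and tag are hypothetical."""
    pri = facility * 8 + severity
    ts = datetime.now().strftime("%b %d %H:%M:%S")
    return f"<{pri}>{ts} {host} {tag}: {msg}".encode("utf-8")


def send_test(host, port, protocol="udp", msg="preflight test"):
    """Send one test message using the same host/port/protocol entered
    in the plugin. Returns the bytes that were sent."""
    payload = build_syslog(msg)
    if protocol.lower() == "udp":
        # UDP gives no delivery confirmation: a successful send only means
        # the datagram left this host. Verify arrival by searching for the
        # tag on the receiving side.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(payload, (host, port))
    else:
        # TCP fails fast if nothing is listening or a firewall blocks it.
        with socket.create_connection((host, port), timeout=3) as s:
            s.sendall(payload + b"\n")
    return payload


def loopback_roundtrip(msg="preflight test"):
    """Self-contained demonstration: bind a temporary UDP listener on
    127.0.0.1, send one message to it, and return (sent, received)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # OS picks a free port
        rx.settimeout(3)
        port = rx.getsockname()[1]
        sent = send_test("127.0.0.1", port, "udp", msg)
        received, _ = rx.recvfrom(4096)
    return sent, received


if __name__ == "__main__":
    sent, received = loopback_roundtrip()
    print("round trip ok:", sent == received, received.decode())
```

Against a real deployment, call `send_test` with the configured host, port 1514, and protocol from the Middleware host, then search Splunk for `siem-preflight`; with UDP, an absent event is the only sign of a blocked or misrouted path.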