Splunk integration with Netwrix


3 replies to this topic

#1 pokix

pokix

    Newbie

  • Members
  • 5 posts

Posted 06 October 2016 - 02:53 PM

Hello dear Netwrix users,

I am trying to forward Netwrix collected data toward a Splunk indexer.

According to the Netwrix official documentation, you have to use Settings -> Data inputs -> Remote event log collections in Splunk.

However, on Splunk versions 6.4.3 and 6.5, this doesn't seem to exist anymore. Is there another way to perform it?

Thanks in advance.

Regards



#2 jeffb

jeffb

    Advanced Member

  • Administrators
  • 372 posts
  • Gender:Male

Posted 06 October 2016 - 03:33 PM

Hello,

Currently there are two ways to collect Windows Events from a machine using Splunk in newer versions. Splunk documentation will have everything you need, because what you are basically doing is telling Splunk to collect certain Windows Event logs, and these are not necessarily Netwrix-specific instructions.

There are two ways to implement the integration now:

1) Use a universal forwarder to get remote Windows data; it's a part of Splunk.

2) Use WMI.

Splunk docs: http://docs.splunk.c...itorWindowsdata

-Jeff



#3 pokix

pokix

    Newbie

  • Members
  • 5 posts

Posted 10 October 2016 - 02:00 PM

Hello Jeff,

Thank you for your reply.

However, I actually don't get the point. What I am trying to do is to forward the events formatted by Netwrix after an AD audit into a Splunk server.

Where can I find those formatted logs? Are they part of the Windows Event logs? Or does Netwrix store them elsewhere?

Regards



#4 jeffb

jeffb

    Advanced Member

  • Administrators
  • 372 posts
  • Gender:Male

Posted 12 October 2016 - 12:39 PM

Pokix,

Netwrix doesn't forward any events. We store the changes in .EVTX format in the Windows Event Log. Splunk then targets and consumes those Windows events.

-Jeff
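A worked example of the two collection paths Jeff describes in post #2, applied to the point he makes in post #4 that Netwrix writes its change records into the Windows Event Log. This is an example added here; it is not code from the thread and not Netwrix's or Splunk's own documentation. The channel name NETWRIX_CHANNEL_NAME, the hostname DC01 and the index name netwrix are placeholders: look up the real channel in Event Viewer under "Applications and Services Logs" on the Netwrix host before using it.

```ini
# inputs.conf on the Windows host running the Splunk universal forwarder
# (example added for this thread; not Netwrix or Splunk documentation).
# Netwrix stores its change records in a Windows Event Log channel, so the
# forwarder is pointed at that channel the same way as any other event log.
# NETWRIX_CHANNEL_NAME is a placeholder: use the exact channel name shown in
# Event Viewer under "Applications and Services Logs".

[WinEventLog://NETWRIX_CHANNEL_NAME]
disabled = 0
# Read the existing backlog once, then follow new events as they arrive.
start_from = oldest
current_only = 0
# Persist the read position every 5 seconds so a forwarder restart neither
# re-sends nor drops events.
checkpointInterval = 5
# Keep the classic rendered message text; set to true if you parse the raw
# event XML downstream instead.
renderXml = false
index = netwrix

# Alternative: remote collection over WMI from a Splunk instance that has no
# forwarder installed on the Netwrix host. This stanza goes in wmi.conf on the
# collecting Splunk server; DC01 is a placeholder hostname.
[WMI:NetwrixRemote]
server = DC01
# Poll interval in seconds.
interval = 10
event_log_file = NETWRIX_CHANNEL_NAME
disabled = 0
index = netwrix
```

Restart the forwarder (or the collecting Splunk server for the WMI stanza) after editing, then confirm events arrive with a search such as `index=netwrix`. If nothing shows up, check splunkd.log on the collecting side for errors opening the channel; a misspelled channel name is the usual cause. The WMI path requires an account with permission to read that event log remotely, which is one reason the forwarder is generally the preferred option.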





