Version: 5.2

Splunk

Integrating with Splunk with the NeuVector Splunk App

The NeuVector Splunk App can be found in the splunkbase catalog here or by searching for NeuVector.

The NeuVector Security dashboard helps to identify security events such as suspicious login attempts, network violations and vulnerable images.

Below are sample screens displayed in the Splunk app.

Image Vulnerabilities

vulnerabilities

Admission Control and Security Events

admission_security

Network Violations by Pod/Service (Deployments)

network

Egress Connection Summary

egress

logins

Setup and Configuration

Getting the app

GitHub

Download the latest app tarball (neuvector_app.tar.gz) from the neuvector/neuvector-splunk-app repository.

Splunkbase

Download the latest app tarball from Splunkbase.

Splunk Apps Browser

In the Splunk UI, click on the Apps dropdown, click "Find More Apps", then search for NeuVector Splunk App.

Installation and Setup

Install the app by either uploading the tarball or following the Splunkbase prompts.

Configure syslog in NeuVector console

Go to Settings -> Configuration -> Syslog

a. set the server value as the IP address that Splunk is running
b. choose TCP as the protocol;
c. set port number as 10514;
d. choose Info Level;
e. click SUBMIT to save the setting.

syslog

You can configure multiple clusters to send syslog to your splunk instance and your splunk instance will receive these syslogs in real time.

FAQs

What user role is required?

Any user role.

Integrating with Splunk with the NeuVector Splunk App​

Image Vulnerabilities​

Admission Control and Security Events​

Network Violations by Pod/Service (Deployments)​

Egress Connection Summary​

NeuVector Login Activity Dashboard​

Setup and Configuration​

Getting the app​

GitHub​

Splunkbase​

Splunk Apps Browser​

Installation and Setup​

FAQs​

What user role is required?​