Skip to main content
Version: 5.3

Splunk

Integrating with Splunk with the NeuVector Splunk App​

The NeuVector Splunk App can be found in the splunkbase catalog here or by searching for NeuVector.

The NeuVector Security dashboard helps to identify security events such as suspicious login attempts, network violations and vulnerable images.

Below are sample screens displayed in the Splunk app.

Image Vulnerabilities​

vulnerabilities

Admission Control and Security Events​

admission_security

Network Violations by Pod/Service (Deployments)​

network

Egress Connection Summary​

egress

NeuVector Login Activity Dashboard​

logins

Setup and Configuration​

Getting the app​

GitHub​

Download the latest app tarball (neuvector_app.tar.gz) from the neuvector/neuvector-splunk-app repository.

Splunkbase​

Download the latest app tarball from Splunkbase.

Splunk Apps Browser​

In the Splunk UI, click on the Apps dropdown, click "Find More Apps", then search for NeuVector Splunk App.

Installation and Setup​

Install the app by either uploading the tarball or following the Splunkbase prompts.

  1. Configure syslog in NeuVector console

Go to Settings -> Configuration -> Syslog

a. set the server value as the IP address that Splunk is running
b. choose TCP as the protocol;
c. set port number as 10514;
d. choose Info Level;
e. click SUBMIT to save the setting.

syslog

You can configure multiple clusters to send syslog to your splunk instance and your splunk instance will receive these syslogs in real time.

FAQs​

What user role is required?​

Any user role.