Install an HTTP Plugin
You will need an HTTP plugin for Logstash or Splunk to send the data to the SIEM / logging platform of your choice. You can get more information and find the downloads at the following links:
Configure External Logging
Webhooks are the best way to get your logs from Device42 to your external logging platform. Begin by setting up a webhook endpoint:
Navigate to “Tools -> Webhooks -> Endpoints”. Your Splunk / Logstash instance is your endpoint.
From this page, click the “Add Webhook Action” button in the upper right.
Choose Data to Send to Logstash / Splunk
Now that you’ve set up your endpoint, configure the log data that you’d like to send to Logstash and/or Splunk.
Navigate to “Tools -> Webhooks -> Actions”.
Select all the actions you’d like to have sent to your logging solution.
You can now select your webhook action(s). Choose the Endpoint you created above.
Configure Log Storage Duration
You can also navigate to “Tools -> Settings -> Log Integration” to choose how long you want to keep logs in your log solution, which saves space.