{"id":5055,"date":"2023-04-05T00:26:21","date_gmt":"2023-04-04T16:26:21","guid":{"rendered":"https:\/\/cybersecthreat.com\/?p=5055"},"modified":"2024-03-04T16:09:57","modified_gmt":"2024-03-04T08:09:57","slug":"ingest-logs-into-splunk-using-tls","status":"publish","type":"post","link":"https:\/\/cybersecthreat.com\/zh\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/","title":{"rendered":"Ingest logs into Splunk using TLS"},"content":{"rendered":"\n<p>In today&#8217;s digital world, organizations are generating massive amounts of log data that contain valuable insights into their systems, applications, and networks. Splunk is a popular platform that helps organizations analyze and visualize this log data to gain insights and improve their operations. <\/p>\n\n\n\n<p>Today we are going to discuss ingesting syslog from FireEye HX Cloud into Splunk so that we can get additional insights into authentication logs, system logs, containment logs, and other audit trails. If you need to ingest syslog from FireEye HX Cloud into Splunk, you need to ingest the log via Transport Layer Security (TLS).<\/p>\n\n\n\n<p>In this blog post, we are going to discuss two methods to ingest logs to Splunk using TLS based on CentOS: TCP SSL input for Splunk and Rsyslog with GTLS. Each method has its own set of advantages and disadvantages, so it&#8217;s important to evaluate which option is best suited for your organization&#8217;s specific needs.<\/p>\n\n\n\n<p>TCP SSL input for Splunk is relatively straightforward to set up, but it has a potential drawback: Log Loss. 
When the Splunk instance is restarted, any logs that were in transit during the restart will be lost.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-tcp-ssl-input-for-splunk\">TCP SSL input for Splunk<\/h2>\n\n\n\n<p>To set up TCP SSL input for Splunk, you will need to: <\/p>\n\n\n\n<p><strong>Open port 6514\/tcp in your firewall<\/strong>:<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p><code>firewall-cmd --permanent --zone=public --add-port=6514\/tcp<\/code><\/p>\n\n\n\n<p><code>firewall-cmd --reload<\/code><\/p>\n<\/div><\/div>\n\n\n\n<p><strong>Create a combined certificate file from your certificate and private key files<\/strong><\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p><code>cat \/etc\/auth\/cert.pem &gt; \/opt\/splunk\/etc\/auth\/splunkweb_combined.cer<\/code><\/p>\n\n\n\n<p><code>cat \/etc\/auth\/privkey.pem &gt;&gt; \/opt\/splunk\/etc\/auth\/splunkweb_combined.cer<\/code><\/p>\n\n\n\n<p><code>chown splunk:splunk \/opt\/splunk\/etc\/auth\/splunkweb_combined.cer<\/code><\/p>\n\n\n\n<p><code>chmod 600 \/opt\/splunk\/etc\/auth\/splunkweb_combined.cer<\/code><\/p>\n<\/div><\/div>\n<\/div><\/div>\n<\/div><\/div>\n\n\n\n<p><strong>Edit the inputs.conf file with the necessary configurations<\/strong> (vi \/opt\/splunk\/etc\/system\/local\/inputs.conf):<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained 
wp-block-group-is-layout-constrained\">\n<p><code>[tcp-ssl:\/\/6514]<\/code><\/p>\n\n\n\n<p><code>sourcetype = syslog<\/code><\/p>\n\n\n\n<p><code>index = security<\/code><\/p>\n\n\n\n<p><code>disabled = false<\/code><\/p>\n\n\n\n<p><code>acceptFrom = &lt;IP Address of FireEye&gt;<\/code><\/p>\n\n\n\n<p><code>[SSL]<\/code><\/p>\n\n\n\n<p><code>password =<\/code><\/p>\n\n\n\n<p><code>requireClientCert = false<\/code><\/p>\n\n\n\n<p><code>serverCert = \/opt\/splunk\/etc\/auth\/splunkweb_combined.cer<\/code><\/p>\n\n\n\n<p><code>sslVersions = tls1.2<\/code><\/p>\n\n\n\n<p><code>cipherSuite = AES256-SHA<\/code><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-rsyslog-with-gtls\">Rsyslog with GTLS<\/h2>\n<\/div><\/div>\n\n\n\n<p>Rsyslog with GTLS is a more involved setup process but has the advantage of being less prone to log loss. To set up Rsyslog with GTLS, you will need to:<\/p>\n\n\n\n<p><strong>Open port 6514\/tcp in your firewall<\/strong><\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p><code>firewall-cmd --permanent --zone=public --add-port=6514\/tcp<\/code><\/p>\n\n\n\n<p><code>firewall-cmd --reload<\/code><\/p>\n<\/div><\/div>\n\n\n\n<p><strong>Install the necessary packages<\/strong><\/p>\n\n\n\n<p><code>yum -y install rsyslog-gnutls rsyslog gnutls-utils gnutls<\/code><\/p>\n\n\n\n<p><strong>Copy your certificate and private key files to the appropriate locations<\/strong><\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p><code>cp \/etc\/auth\/privkey.pem \/etc\/pki\/tls\/private\/rslserver-key.pem<\/code><\/p>\n\n\n\n<p><code>cp \/etc\/auth\/cert.pem \/etc\/pki\/tls\/certs\/rslserver-cert.pem<\/code><\/p>\n<\/div><\/div>\n\n\n\n<p><strong>Edit the rsyslog.conf file with the necessary configurations<\/strong> (vi 
\/etc\/rsyslog.conf):<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p><code>global(<\/code><\/p>\n\n\n\n<p><code>DefaultNetstreamDriver=\"gtls\"<\/code><\/p>\n\n\n\n<p><code>DefaultNetstreamDriverCertFile=\"\/etc\/pki\/tls\/certs\/rslserver-cert.pem\"<\/code><\/p>\n\n\n\n<p><code>DefaultNetstreamDriverKeyFile=\"\/etc\/pki\/tls\/private\/rslserver-key.pem\"<\/code><\/p>\n\n\n\n<p><code>)<\/code><\/p>\n\n\n\n<p><code>module(load=\"imptcp\" threads=\"3\")<\/code><\/p>\n\n\n\n<p><code>module(<\/code><\/p>\n\n\n\n<p><code>load=\"imtcp\"<\/code><\/p>\n\n\n\n<p><code>StreamDriver.Name=\"gtls\"<\/code><\/p>\n\n\n\n<p><code>#StreamDriver.Name=\"ossl\"<\/code><\/p>\n\n\n\n<p><code>StreamDriver.Mode=\"1\"<\/code><\/p>\n\n\n\n<p><code>StreamDriver.Authmode=\"anon\"<\/code><\/p>\n\n\n\n<p><code>)<\/code><\/p>\n\n\n\n<p><code>input(type=\"imptcp\" port=\"514\")<\/code><\/p>\n\n\n\n<p><code>input(type=\"imtcp\" port=\"6514\")<\/code><\/p>\n<\/div><\/div>\n\n\n\n<p>Once you have determined which method to use, you can begin the process of ingesting logs from FireEye HX Cloud into Splunk. With TLS in place, your logs are encrypted in transit. Note that both configurations above accept senders without verifying a client certificate, so TLS here does not authenticate the log source; the Splunk input restricts senders by IP address instead.<\/p>\n\n\n\n<p>It&#8217;s important to note that these instructions are specific to FireEye HX Cloud, but they can be adapted for other sources of log ingestion into Splunk. 
As always, it&#8217;s important to stay up to date on the latest security best practices and to continually evaluate and update your security measures to ensure that your organization&#8217;s data is protected.<\/p>\n\n\n\n<p>Reference:<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/CyberSecThreat-Corporation-Limited\/Splunk\/blob\/under-review\/rsyslog-ssl-rh7.conf\">https:\/\/github.com\/CyberSecThreat-Corporation-Limited\/Splunk\/blob\/under-review\/rsyslog-ssl-rh7.conf<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/CyberSecThreat-Corporation-Limited\/Splunk\/blob\/under-review\/rsyslog-ssl_rh8.conf\">https:\/\/github.com\/CyberSecThreat-Corporation-Limited\/Splunk\/blob\/under-review\/rsyslog-ssl_rh8.conf<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In today&#8217;s digital world, organizations are generating massive amounts of log data that contain valuable insights into their systems, applications, and networks. Splunk is a popular platform that helps organizations analyze and visualize this log data to gain insights and improve their operations. 
Today we are going to discuss ingesting syslog from FireEye HX Cloud&#8230;<\/p>","protected":false},"author":2,"featured_media":18929,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_uf_show_specific_survey":0,"_uf_disable_surveys":false,"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","footnotes":""},"categories":[42,71,23],"tags":[21,20],"class_list":["post-5055","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blue-team","category-soc","category-splunk","tag-blue-team","tag-splunk"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Ingest logs into Splunk using TLS - CyberSecThreat<\/title>\n<meta name=\"description\" content=\"Today we are going to discuss ingesting syslog from FireEye HX Cloud into Splunk so that we can get additional insights\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecthreat.com\/zh\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/\" \/>\n<meta property=\"og:locale\" content=\"zh_TW\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ingest logs into Splunk using TLS\" \/>\n<meta property=\"og:description\" content=\"In today&#039;s digital world, organizations are generating massive amounts of log data that contain valuable insights into their systems, 
applications, and\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecthreat.com\/zh\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/\" \/>\n<meta property=\"og:site_name\" content=\"CyberSecThreat\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cybersecthreat\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-04T16:26:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-04T08:09:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cybersecthreat.com\/wp-content\/uploads\/2023\/04\/ssl-secured.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"866\" \/>\n\t<meta property=\"og:image:height\" content=\"650\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Kelvin Yip\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cybersecthreat\" \/>\n<meta name=\"twitter:site\" content=\"@cybersecthreat\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005:\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kelvin Yip\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9810\u4f30\u95b1\u8b80\u6642\u9593\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 \u5206\u9418\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/\"},\"author\":{\"name\":\"Kelvin Yip\",\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/#\\\/schema\\\/person\\\/4787dde06da74fa66cb5e92e481b0f98\"},\"headline\":\"Ingest logs into Splunk using 
TLS\",\"datePublished\":\"2023-04-04T16:26:21+00:00\",\"dateModified\":\"2024-03-04T08:09:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/\"},\"wordCount\":440,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cybersecthreat.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/ssl-secured.jpg\",\"keywords\":[\"Blue Team\",\"Splunk\"],\"articleSection\":[\"Blue Team\",\"SOC\",\"Splunk\"],\"inLanguage\":\"zh-TW\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/\",\"url\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/\",\"name\":\"Ingest logs into Splunk using TLS - CyberSecThreat\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cybersecthreat.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/ssl-secured.jpg\",\"datePublished\":\"2023-04-04T16:26:21+00:00\",\"dateModified\":\"2024-03-04T08:09:57+00:00\",\"description\":\"Today we are going to discuss ingesting syslog from FireEye HX Cloud into Splunk so that we can get additional 
insights\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#breadcrumb\"},\"inLanguage\":\"zh-TW\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-TW\",\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cybersecthreat.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/ssl-secured.jpg\",\"contentUrl\":\"https:\\\/\\\/cybersecthreat.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/ssl-secured.jpg\",\"width\":866,\"height\":650,\"caption\":\"SSL Secured\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Splunk\",\"item\":\"https:\\\/\\\/cybersecthreat.com\\\/category\\\/splunk\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ingest logs into Splunk using TLS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/#website\",\"url\":\"https:\\\/\\\/cybersecthreat.com\\\/\",\"name\":\"CyberSecThreat\",\"description\":\"CyberSecurity Solutions\",\"publisher\":{\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/cybersecthreat.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"zh-TW\"},{\"@type\":[\"Organization\",\"Place\"],\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/#organization\",\"name\":\"CyberSecThreat Corporation 
Limited.\",\"alternateName\":\"CyberSecThreat\",\"url\":\"https:\\\/\\\/cybersecthreat.com\\\/\",\"logo\":{\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#local-main-organization-logo\"},\"image\":{\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#local-main-organization-logo\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/cybersecthreat\",\"https:\\\/\\\/x.com\\\/cybersecthreat\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/cybersecthreat-corporation-limited\"],\"description\":\"CyberSecThreat, headquartered in Taiwan, is a Cybersecurity solutions provider that offers cutting-edge Cybersecurity solutions including Cyber Threat Intelligence (CTI), Security Orchestration, Automation, and Response (SOAR), UBA\\\/UEBA, DFIR, and CyberSecurity consulting. CyberSecThreat was awarded as Top 10 Cyber Security Companies of 2022 in APAC CIO Outlook\u2019s Cyber Security Edition. We position ourselves as one of the most comprehensive players in the most advanced high-end marketplace with our highly customizable cybersecurity solutions. CyberSecThreat has been committed to contributing to the CyberSecurity industry and assisting our global clients to improve their CyberSecurity posture. With our global partners and experts, we can deliver a wide range of world-class services to our global clients including vCISO, SOC consulting, Splunk consulting, red team, blue team, and AppSec consulting. CyberSecThreat Research Lab, which is led by our founder Kelvin Yip, is a subdivision that focuses on researching Cyber Warfare, Cyber Influence Operation\\\/Cognitive Domain Warfare (including Disinformation, Propaganda, and psychological manipulation), the latest Cybersecurity trends, and threats that organizations face today as well as technology innovation. 
With decades of Cybersecurity and technology experience, our teams of experts carry out research and experiment, bringing it to the real world. When things come to the real world and production environment, it is more complicated than our imagination. Let us worry about it because this is our mission! Our vision: NextGen safe digital life, and our mission is to Transform Security Into Real World.\",\"legalName\":\"CyberSecThreat Corporation Limited.\",\"foundingDate\":\"2021-01-23\",\"address\":{\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#local-main-place-address\"},\"geo\":{\"@type\":\"GeoCoordinates\",\"latitude\":\"25.0600452\",\"longitude\":\"121.4594381\"},\"telephone\":[\"(+886) 02 - 77527628\"],\"openingHoursSpecification\":[{\"@type\":\"OpeningHoursSpecification\",\"dayOfWeek\":[\"Monday\",\"Tuesday\",\"Wednesday\",\"Thursday\",\"Friday\",\"Saturday\",\"Sunday\"],\"opens\":\"09:00\",\"closes\":\"18:00\"}],\"email\":\"info@cybersecthreat.com\",\"areaServed\":\"Taiwan\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/#\\\/schema\\\/person\\\/4787dde06da74fa66cb5e92e481b0f98\",\"name\":\"Kelvin Yip\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-TW\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/91aef1abe820d485df4dc03c80c4bab5b129b723fea7002f20904634c1042d21?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/91aef1abe820d485df4dc03c80c4bab5b129b723fea7002f20904634c1042d21?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/91aef1abe820d485df4dc03c80c4bab5b129b723fea7002f20904634c1042d21?s=96&d=mm&r=g\",\"caption\":\"Kelvin Yip\"},\"sameAs\":[\"https:\\\/\\\/cybersecthreat.com\"],\"knowsAbout\":[\"CyberSecurity\"],\"knowsLanguage\":[\"English\",\"Chinese\"],\"jobTitle\":\"Founder, 
CEO\",\"url\":\"https:\\\/\\\/cybersecthreat.com\\\/zh\\\/author\\\/kelvinyip-m\\\/\"},{\"@type\":\"PostalAddress\",\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#local-main-place-address\",\"streetAddress\":\"9 F.-A6, No. 601, Siyuan Rd., Xinzhuang Dist., New Taipei City 242032, Taiwan (R.O.C.)\",\"addressLocality\":\"New Taipei City\",\"postalCode\":\"242032\",\"addressRegion\":\"Taiwan\",\"addressCountry\":\"TW\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-TW\",\"@id\":\"https:\\\/\\\/cybersecthreat.com\\\/2023\\\/04\\\/05\\\/ingest-logs-into-splunk-using-tls\\\/#local-main-organization-logo\",\"url\":\"https:\\\/\\\/cybersecthreat.com\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/CyberSecThreat_website-site-logo-_164x164-min.png\",\"contentUrl\":\"https:\\\/\\\/cybersecthreat.com\\\/wp-content\\\/uploads\\\/2023\\\/12\\\/CyberSecThreat_website-site-logo-_164x164-min.png\",\"width\":164,\"height\":164,\"caption\":\"CyberSecThreat Corporation Limited.\"}]}<\/script>\n<meta name=\"geo.placename\" content=\"New Taipei City\" \/>\n<meta name=\"geo.position\" content=\"25.0600452;121.4594381\" \/>\n<meta name=\"geo.region\" content=\"Taiwan\" \/>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Ingest logs into Splunk using TLS - CyberSecThreat","description":"Today we are going to discuss ingesting syslog from FireEye HX Cloud into Splunk so that we can get additional insights","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecthreat.com\/zh\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/","og_locale":"zh_TW","og_type":"article","og_title":"Ingest logs into Splunk using TLS","og_description":"In today's digital world, organizations are generating massive amounts of log data that contain valuable insights into their systems, applications, and","og_url":"https:\/\/cybersecthreat.com\/zh\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/","og_site_name":"CyberSecThreat","article_publisher":"https:\/\/www.facebook.com\/cybersecthreat","article_published_time":"2023-04-04T16:26:21+00:00","article_modified_time":"2024-03-04T08:09:57+00:00","og_image":[{"width":866,"height":650,"url":"https:\/\/cybersecthreat.com\/wp-content\/uploads\/2023\/04\/ssl-secured.jpg","type":"image\/jpeg"}],"author":"Kelvin Yip","twitter_card":"summary_large_image","twitter_creator":"@cybersecthreat","twitter_site":"@cybersecthreat","twitter_misc":{"\u4f5c\u8005:":"Kelvin Yip","\u9810\u4f30\u95b1\u8b80\u6642\u9593":"2 \u5206\u9418"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#article","isPartOf":{"@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/"},"author":{"name":"Kelvin Yip","@id":"https:\/\/cybersecthreat.com\/#\/schema\/person\/4787dde06da74fa66cb5e92e481b0f98"},"headline":"Ingest logs into Splunk using 
TLS","datePublished":"2023-04-04T16:26:21+00:00","dateModified":"2024-03-04T08:09:57+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/"},"wordCount":440,"commentCount":0,"publisher":{"@id":"https:\/\/cybersecthreat.com\/#organization"},"image":{"@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#primaryimage"},"thumbnailUrl":"https:\/\/cybersecthreat.com\/wp-content\/uploads\/2023\/04\/ssl-secured.jpg","keywords":["Blue Team","Splunk"],"articleSection":["Blue Team","SOC","Splunk"],"inLanguage":"zh-TW","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/","url":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/","name":"Ingest logs into Splunk using TLS - CyberSecThreat","isPartOf":{"@id":"https:\/\/cybersecthreat.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#primaryimage"},"image":{"@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#primaryimage"},"thumbnailUrl":"https:\/\/cybersecthreat.com\/wp-content\/uploads\/2023\/04\/ssl-secured.jpg","datePublished":"2023-04-04T16:26:21+00:00","dateModified":"2024-03-04T08:09:57+00:00","description":"Today we are going to discuss ingesting syslog from FireEye HX Cloud into Splunk so that we can get additional 
insights","breadcrumb":{"@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#breadcrumb"},"inLanguage":"zh-TW","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/"]}]},{"@type":"ImageObject","inLanguage":"zh-TW","@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#primaryimage","url":"https:\/\/cybersecthreat.com\/wp-content\/uploads\/2023\/04\/ssl-secured.jpg","contentUrl":"https:\/\/cybersecthreat.com\/wp-content\/uploads\/2023\/04\/ssl-secured.jpg","width":866,"height":650,"caption":"SSL Secured"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Splunk","item":"https:\/\/cybersecthreat.com\/category\/splunk\/"},{"@type":"ListItem","position":2,"name":"Ingest logs into Splunk using TLS"}]},{"@type":"WebSite","@id":"https:\/\/cybersecthreat.com\/#website","url":"https:\/\/cybersecthreat.com\/","name":"\u5947\u8cc7\u5b89","description":"\u7db2\u8def\u5b89\u5168\u65b9\u6848","publisher":{"@id":"https:\/\/cybersecthreat.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecthreat.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"zh-TW"},{"@type":["Organization","Place"],"@id":"https:\/\/cybersecthreat.com\/#organization","name":"\u5947\u8cc7\u8a0a\u4fdd\u5b89\u53ca\u7db2\u7d61\u6709\u9650\u516c\u53f8","alternateName":"CyberSecThreat","url":"https:\/\/cybersecthreat.com\/","logo":{"@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#local-main-organization-logo"},"image":{"@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#local-main-organization-l
ogo"},"sameAs":["https:\/\/www.facebook.com\/cybersecthreat","https:\/\/x.com\/cybersecthreat","https:\/\/www.linkedin.com\/company\/cybersecthreat-corporation-limited"],"description":"CyberSecThreat, headquartered in Taiwan, is a Cybersecurity solutions provider that offers cutting-edge Cybersecurity solutions including Cyber Threat Intelligence (CTI), Security Orchestration, Automation, and Response (SOAR), UBA\/UEBA, DFIR, and CyberSecurity consulting. CyberSecThreat was awarded as Top 10 Cyber Security Companies of 2022 in APAC CIO Outlook\u2019s Cyber Security Edition. We position ourselves as one of the most comprehensive players in the most advanced high-end marketplace with our highly customizable cybersecurity solutions. CyberSecThreat has been committed to contributing to the CyberSecurity industry and assisting our global clients to improve their CyberSecurity posture. With our global partners and experts, we can deliver a wide range of world-class services to our global clients including vCISO, SOC consulting, Splunk consulting, red team, blue team, and AppSec consulting. CyberSecThreat Research Lab, which is led by our founder Kelvin Yip, is a subdivision that focuses on researching Cyber Warfare, Cyber Influence Operation\/Cognitive Domain Warfare (including Disinformation, Propaganda, and psychological manipulation), the latest Cybersecurity trends, and threats that organizations face today as well as technology innovation. With decades of Cybersecurity and technology experience, our teams of experts carry out research and experiment, bringing it to the real world. When things come to the real world and production environment, it is more complicated than our imagination. Let us worry about it because this is our mission! 
Our vision: NextGen safe digital life, and our mission is to Transform Security Into Real World.","legalName":"CyberSecThreat Corporation Limited.","foundingDate":"2021-01-23","address":{"@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#local-main-place-address"},"geo":{"@type":"GeoCoordinates","latitude":"25.0600452","longitude":"121.4594381"},"telephone":["(+886) 02 - 77527628"],"openingHoursSpecification":[{"@type":"OpeningHoursSpecification","dayOfWeek":["Monday","Tuesday","Wednesday","Thursday","Friday","Saturday","Sunday"],"opens":"09:00","closes":"18:00"}],"email":"info@cybersecthreat.com","areaServed":"Taiwan"},{"@type":"Person","@id":"https:\/\/cybersecthreat.com\/#\/schema\/person\/4787dde06da74fa66cb5e92e481b0f98","name":"Kelvin Yip","image":{"@type":"ImageObject","inLanguage":"zh-TW","@id":"https:\/\/secure.gravatar.com\/avatar\/91aef1abe820d485df4dc03c80c4bab5b129b723fea7002f20904634c1042d21?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/91aef1abe820d485df4dc03c80c4bab5b129b723fea7002f20904634c1042d21?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/91aef1abe820d485df4dc03c80c4bab5b129b723fea7002f20904634c1042d21?s=96&d=mm&r=g","caption":"Kelvin Yip"},"sameAs":["https:\/\/cybersecthreat.com"],"knowsAbout":["CyberSecurity"],"knowsLanguage":["English","Chinese"],"jobTitle":"Founder, CEO","url":"https:\/\/cybersecthreat.com\/zh\/author\/kelvinyip-m\/"},{"@type":"PostalAddress","@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#local-main-place-address","streetAddress":"9 F.-A6, No. 
601, Siyuan Rd., Xinzhuang Dist., New Taipei City 242032, Taiwan (R.O.C.)","addressLocality":"New Taipei City","postalCode":"242032","addressRegion":"Taiwan","addressCountry":"TW"},{"@type":"ImageObject","inLanguage":"zh-TW","@id":"https:\/\/cybersecthreat.com\/2023\/04\/05\/ingest-logs-into-splunk-using-tls\/#local-main-organization-logo","url":"https:\/\/cybersecthreat.com\/wp-content\/uploads\/2023\/12\/CyberSecThreat_website-site-logo-_164x164-min.png","contentUrl":"https:\/\/cybersecthreat.com\/wp-content\/uploads\/2023\/12\/CyberSecThreat_website-site-logo-_164x164-min.png","width":164,"height":164,"caption":"CyberSecThreat Corporation Limited."}]},"geo.placename":"New Taipei City","geo.position":{"lat":"25.0600452","long":"121.4594381"},"geo.region":"Taiwan"},"taxonomy_info":{"category":[{"value":42,"label":"Blue Team"},{"value":71,"label":"SOC"},{"value":23,"label":"Splunk"}],"post_tag":[{"value":21,"label":"Blue Team"},{"value":20,"label":"Splunk"}]},"featured_image_src_large":["https:\/\/cybersecthreat.com\/wp-content\/uploads\/2023\/04\/ssl-secured.jpg",866,650,false],"author_info":{"display_name":"Kelvin Yip","author_link":"https:\/\/cybersecthreat.com\/zh\/author\/kelvinyip-m\/"},"comment_info":7,"category_info":[{"term_id":42,"name":"Blue Team","slug":"blue-team","term_group":0,"term_taxonomy_id":42,"taxonomy":"category","description":"","parent":0,"count":14,"filter":"raw","cat_ID":42,"category_count":14,"category_description":"","cat_name":"Blue 
Team","category_nicename":"blue-team","category_parent":0},{"term_id":71,"name":"SOC","slug":"soc","term_group":0,"term_taxonomy_id":71,"taxonomy":"category","description":"","parent":0,"count":3,"filter":"raw","cat_ID":71,"category_count":3,"category_description":"","cat_name":"SOC","category_nicename":"soc","category_parent":0},{"term_id":23,"name":"Splunk","slug":"splunk","term_group":0,"term_taxonomy_id":23,"taxonomy":"category","description":"","parent":0,"count":10,"filter":"raw","cat_ID":23,"category_count":10,"category_description":"","cat_name":"Splunk","category_nicename":"splunk","category_parent":0}],"tag_info":[{"term_id":21,"name":"Blue Team","slug":"blue-team","term_group":0,"term_taxonomy_id":21,"taxonomy":"post_tag","description":"","parent":0,"count":13,"filter":"raw"},{"term_id":20,"name":"Splunk","slug":"splunk","term_group":0,"term_taxonomy_id":20,"taxonomy":"post_tag","description":"","parent":0,"count":8,"filter":"raw"}],"_links":{"self":[{"href":"https:\/\/cybersecthreat.com\/zh\/wp-json\/wp\/v2\/posts\/5055","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecthreat.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecthreat.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecthreat.com\/zh\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecthreat.com\/zh\/wp-json\/wp\/v2\/comments?post=5055"}],"version-history":[{"count":0,"href":"https:\/\/cybersecthreat.com\/zh\/wp-json\/wp\/v2\/posts\/5055\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecthreat.com\/zh\/wp-json\/wp\/v2\/media\/18929"}],"wp:attachment":[{"href":"https:\/\/cybersecthreat.com\/zh\/wp-json\/wp\/v2\/media?parent=5055"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecthreat.com\/zh\/wp-json\/wp\/v2\/categories?post=5055"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecthreat.com\
/zh\/wp-json\/wp\/v2\/tags?post=5055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}