Splunk - Vectra Detect Add-On and Syslog Configuration (QUX)
Install the Technology Add-on for Vectra Detect (JSON) and configure Detect syslog so Splunk parses events into the correct sourcetypes.
Technology Add-On for Vectra Detect (JSON) Installation

Example inputs.conf stanza. Copy it to, for example, $SPLUNK_HOME/etc/system/local/inputs.conf:

```ini
# Example input when syslog-ng/rsyslog writes Detect events to /var/log/vectra
[monitor:///var/log/vectra/*.log*]
index = <your destination index goes here>
sourcetype = vectra:cognito:detect:json
```

Vectra Detect Syslog Configuration
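The stanza above only tells Splunk which files to read and which sourcetype to assign; whether the JSON sourcetype can actually parse the events depends on what the syslog daemon writes into those files. The following script is an added example (not part of this page, the add-on, or Vectra's own tooling) that reads an inputs.conf text, lists which files the monitor pattern would pick up, and flags lines that are not a bare JSON object. It assumes the JSON sourcetype expects one JSON object per line, so a line that still carries the syslog header in front of the JSON is reported as `syslog_header`. The index value and the sample log lines are constructed, and their field names are placeholders rather than the Vectra Detect schema.

```python
import configparser
import fnmatch
import json
import posixpath

# Constructed copy of the page's inputs.conf stanza; "vectra" stands in for
# the destination index placeholder.
INPUTS_CONF = """\
[monitor:///var/log/vectra/*.log*]
index = vectra
sourcetype = vectra:cognito:detect:json
"""

# Constructed sample lines as rsyslog/syslog-ng might write them. The field
# names are placeholders, not the Vectra Detect schema.
SAMPLE_LINES = [
    '{"detection_type": "example", "src_ip": "10.0.0.5", "severity": 7}',
    'Jan  5 12:00:00 vectra-brain detect: {"detection_type": "example"}',
    'not a json event',
    '',
]


def parse_monitor_stanzas(text):
    """Map each [monitor://<path>] stanza to its key/value settings."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as written
    cp.read_string(text)
    stanzas = {}
    for section in cp.sections():
        if section.startswith("monitor://"):
            stanzas[section[len("monitor://"):]] = dict(cp[section])
    return stanzas


def monitored_files(pattern, paths):
    """Return the paths a non-recursive monitor pattern would pick up.

    Splunk's '*' wildcard does not cross directory boundaries, so the
    directory must match exactly and only the file name is globbed.
    """
    want_dir = posixpath.dirname(pattern)
    name_glob = posixpath.basename(pattern)
    return [
        p for p in paths
        if posixpath.dirname(p) == want_dir
        and fnmatch.fnmatchcase(posixpath.basename(p), name_glob)
    ]


def _is_json_object(text):
    try:
        return isinstance(json.loads(text), dict)
    except json.JSONDecodeError:
        return False


def classify_lines(lines):
    """Label each non-empty line for a JSON sourcetype.

    'ok'            : the whole line is one JSON object
    'syslog_header' : a JSON object is present but prefixed by a syslog
                      header, so the forwarder template should be fixed
    'bad'           : no JSON object found
    """
    labels = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if _is_json_object(line):
            labels.append("ok")
            continue
        brace = line.find("{")
        if brace > 0 and _is_json_object(line[brace:]):
            labels.append("syslog_header")
        else:
            labels.append("bad")
    return labels


if __name__ == "__main__":
    candidates = [
        "/var/log/vectra/detect.log",
        "/var/log/vectra/detect.log.1",
        "/var/log/vectra/audit.txt",
        "/var/log/vectra/old/detect.log",
    ]
    for pattern, settings in parse_monitor_stanzas(INPUTS_CONF).items():
        print(pattern, "->", settings)
        print("monitored:", monitored_files(pattern, candidates))
    print("line labels:", classify_lines(SAMPLE_LINES))
```

Run it against a copy of your real inputs.conf and a tail of the files under /var/log/vectra before restarting Splunk; any `syslog_header` or `bad` result means the syslog template needs to emit only the message body, otherwise the events land in the index without the expected JSON fields.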