Installing and configuring Splunk for PingIntelligence - PingIntelligence for APIs

Installing and configuring Splunk for PingIntelligence - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

To complete the configuration of Splunk for PingIntelligence, you need to create a source type.

Creating a source type helps Splunk to understand the event format. The source type is one of the default fields that Splunk assigns to all the incoming data. Configuring the source type informs Splunk about the type of data ABS provides. This helps Splunk in formatting data intelligently during indexing.

To create a source type, complete the following steps:

Configure a new source type by navigating to Splunk Enterprise > Settings > Source Types > New Source Type.
The Source Type Events page is displayed.

Configure the New Source Type.

The fields are defined in the following table.

Name	Value
Source Type Name	`pi_events_source_type`
Destination app	Search and Reporting (Can change for your apps)
Category	Structures
Indexed Extractions	`json`
SEDCMD-alter	`s/pi-attack-info-//`

A screenshot of the Edit Source Type page in PingIntelligence.

Create a new index pi_events by navigating to Enterprise > Settings > Indexes > New Index.