Eyeglass

The following sections show you how to configure Superna Eyeglass to send their log data to Axoflow.

CAUTION:

Make sure to set data forwarding on your appliances/servers as described in this guide. Different settings like alternate message formats or ports might be valid, but can result in data loss or incorrect parsing.

Prerequisites

  • You have administrative access to Superna Eyeglass.
  • You have an AxoRouter deployed and configured with a webhook connector. This device is going to receive the data from Superna Eyeglass.

  • You know the IP address the AxoRouter. To find it:

    1. Open the Axoflow Console.
    2. Select the Hosts or the Topology page.
    3. Click on AxoRouter instance that is going to receive the logs.
    4. Check the Networks > Address field.

Steps

Note: The steps involving the Superna Eyeglass user interface are just for your convenience, for details, see the official documentation.

  1. Log in to Ransomware Defender and open the Zero Trust menu.

  2. Click the plus sign to add a webhook target.

  3. Set the parameters of the webhook.

    • Name: Enter a name for the webhook, for example, Axoflow.
    • URL: Enter the URL of the webhook connector of the AxoRouter instance where you want to post messages.
    • Event Severity Filter: Select the severities of the events that you want to forward to the webhook.
    • Lifecycle filter: Select the lifecycle changes that trigger a post message to the webhook.

  4. Click Save, then the Test webhooks button. This will send a post message with a sample payload.

  5. Add the source to Axoflow Console.

    1. Open the Axoflow Console and select Topology.

    2. Select + > Source.

      • If the source is actively sending data to an AxoRouter instance, select Detected, then select your source.
      • Otherwise, select the vendor and product corresponding to your source from the Predefined sources, then enter the parameters of the source, like IP address and FQDN.

    3. (Optional) Add custom labels as needed.

    4. Select Create.

Labels

Axoflow automatically adds the following labels to data collected from this source:

label value
vendor superna
product eyeglass

Sending data to Splunk

When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:

sourcetype index
superna:eyeglass main