Eyeglass
The following sections show you how to configure Superna Eyeglass to send their log data to Axoflow.
CAUTION:
Make sure to set data forwarding on your appliances/servers as described in this guide. Different settings like alternate message formats or ports might be valid, but can result in data loss or incorrect parsing.Prerequisites
- You have administrative access to Superna Eyeglass.
- You have an AxoRouter deployed and configured with a webhook connector. This device is going to receive the data from Superna Eyeglass.
-
You know the IP address the AxoRouter. To find it:
- Open the Axoflow Console.
- Select the Hosts or the Topology page.
- Click on AxoRouter instance that is going to receive the logs.
- Check the Networks > Address field.
Steps
Note: The steps involving the Superna Eyeglass user interface are just for your convenience, for details, see the official documentation.
-
Log in to Ransomware Defender and open the Zero Trust menu.
-
Click the plus sign to add a webhook target.
-
Set the parameters of the webhook.
- Name: Enter a name for the webhook, for example,
Axoflow
. - URL: Enter the URL of the webhook connector of the AxoRouter instance where you want to post messages.
- Event Severity Filter: Select the severities of the events that you want to forward to the webhook.
- Lifecycle filter: Select the lifecycle changes that trigger a post message to the webhook.
- Name: Enter a name for the webhook, for example,
-
Click Save, then the Test webhooks button. This will send a post message with a sample payload.
-
Add the source to Axoflow Console.
-
Open the Axoflow Console and select Topology.
-
Select + > Source.
- If the source is actively sending data to an AxoRouter instance, select Detected, then select your source.
- Otherwise, select the vendor and product corresponding to your source from the Predefined sources, then enter the parameters of the source, like IP address and FQDN.
Note During log tapping, you can add hosts that are actively sending data to an AxoRouter instance by clicking Register source. -
(Optional) Add custom labels as needed.
-
Select Create.
-
Labels
Axoflow automatically adds the following labels to data collected from this source:
label | value |
---|---|
vendor | superna |
product | eyeglass |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
sourcetype | index |
---|---|
superna:eyeglass | main |