This application was designed to give users usable data about the activity taking place on their RSA SecurID appliances. It works with both the RSA SecurID Appliance 130 and 230 models.
Scripted Inputs: For the "Network Activity" view to work properly, a scripted input must be configured. This scripted input uses the snmpget command to retrieve specific values from the device. If you have multiple devices, you need to configure multiple scripted inputs. Follow these steps:
1. Copy the sample inputs.conf file from $SPLUNK_HOME/etc/apps/RSASecurID/default/inputs.conf to your local folder so that your changes are not overwritten when the application is updated.
2. Edit the inputs.conf file and change the script stanza to reflect your device configuration:
[script://$SPLUNK_HOME/etc/apps/RSASecurID/bin/getSnmpData.sh public 1.1.1.1]
disabled = 1
Change "public" to the community name configured on your appliance that has read access. Change "1.1.1.1" to the IP address of your appliance. Change "disabled = 1" to "disabled = 0" to enable the scripted input.
3. If you have multiple appliances, just copy/paste the [script://] stanza for as many appliances as you have and configure the appropriate values as mentioned above.
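The following added example (not part of the app) is a small check for a local inputs.conf that reports getSnmpData.sh stanzas still carrying the sample values or left disabled. The sample text, the community name "rsa-ro-example", the address 192.0.2.10 and the monitor path are constructed for illustration.

```python
import ipaddress
import re

# Header format from the sample stanza: [script://<path>/getSnmpData.sh <community> <ip>]
HEADER = re.compile(r"^\[script://\S*getSnmpData\.sh\s+(\S+)\s+(\S+)\]$")

def lint_inputs(text):
    """Return {host: [findings]} for every getSnmpData.sh stanza in inputs.conf text."""
    report, host = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):
            m = HEADER.match(line)
            host = None
            if not m:
                continue  # [monitor://] and other stanzas are out of scope here
            community, host = m.groups()
            if host in report:
                report[host].append("duplicate stanza for this appliance")
            findings = report.setdefault(host, [])
            if community == "public":
                findings.append("community is still the sample value 'public'")
            try:
                ipaddress.ip_address(host)
            except ValueError:
                findings.append("host is not a valid IP address")
            if host == "1.1.1.1":
                findings.append("host is still the sample value 1.1.1.1")
        elif host and "=" in line and not line.startswith("#"):
            key, value = (p.strip() for p in line.split("=", 1))
            if key == "disabled" and value.lower() in ("1", "true"):
                report[host].append("input is disabled and will not run")
    return report

# Constructed sample: one untouched stanza, one configured stanza, one monitor stanza.
SAMPLE = """\
[script://$SPLUNK_HOME/etc/apps/RSASecurID/bin/getSnmpData.sh public 1.1.1.1]
disabled = 1

[script://$SPLUNK_HOME/etc/apps/RSASecurID/bin/getSnmpData.sh rsa-ro-example 192.0.2.10]
disabled = 0

[monitor:///var/log/snmptraps.log]
disabled = 0
"""

if __name__ == "__main__":
    for appliance, findings in lint_inputs(SAMPLE).items():
        print(appliance, "->", findings or "ok")
```
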
Monitored Inputs: There is an example [monitor://] stanza in the inputs.conf file. Configure it with the location of the file that your SNMP traps are being logged to. If the SNMP traps are already being indexed by Splunk, this can be ignored.
Summary View:
User Activity View:
Network Activity View: