Comments (6)
jayjb
commented on June 9, 2024
Hi @feldmannb,
I just want to make sure im understanding your use case here:
- multiple companies each with their own Canarytokens server (say canarytokens.company1.com, canarytokens.company2.com)
- Each company has an api token used in sending incidents to your one Splunk installation - this allows Splunk to know which company's incidents are being sent in.
The question then is how you can add that api token to the canarytoken webhhook that sends the events to your Splunk incident? Or is this a question of whether the Canary Splunk addon can support more than one Canarytokens instance sending incidents?
from canarytokens.
feldmannb
commented on June 9, 2024
Your point number one is correct: each Operating Company has their own
Canary server environment. We are using tagging in Splunk to identify
events as coming from specific operating companies. So the
question/request is to support more than one Canerytoken instance sending
incidents to Splunk. I.E. we need to configure the add-on to
accepted events from multiple Canary Swerver environments each having their
own API Token. Right now it appears that the Add-On only supports a
single environment using a single API Token.
…On Mon, Aug 17, 2020 at 3:38 AM JayJB ***@***.***> wrote:
Hi @feldmannb <https://github.com/feldmannb>,
I just want to make sure im understanding your use case here:
1. multiple companies each with their own Canarytokens server (say
canarytokens.company1.com, canarytokens.company2.com)
2. Each company has an api token used in sending incidents to your one
Splunk installation - this allows Splunk to know which company's incidents
are being sent in.
The question then is how you can add that api token to the canarytoken
webhhook that sends the events to your Splunk incident? Or is this a
question of whether the Canary Splunk addon can support more than one
Canarytokens instance sending incidents?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#71 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/APGXXUVTDO6PGRYOQCP7RZDSBDNBBANCNFSM4P7UCEKQ>
.
from canarytokens.
jayjb
commented on June 9, 2024
HI @feldmannb,
Thanks for the explanation. I think there may be some confusion here. Are you a Canary customer? i.e. you have your own Canary Console instance?
from canarytokens.
feldmannb
commented on June 9, 2024
I am actually a Splunk SE working with a customer who is a Canary customer. It is possible the confusion is on my side or I did not explain the issue clearly or I may be in the wrong Git thread for the customer issue.
The problem is not with anything on the Canary Console it is with the Thinkst Canary Add-On for Splunk (https://splunkbase.splunk.com/app/3980/). The add-on can only be configured with a single API Token and tied to a single Canary Console instance. I have a customer that has multiple operating companies each with their own Canary Console instance but using a single instance of Splunk and as a result a single instance of the Add-On.
from canarytokens.
jayjb
commented on June 9, 2024
Hi @feldmannb,
So if you working for a Canary Customer you should totally mail in support [at] canary [dot] tools please. We would be happy to help.
I can tell you though that we are currently working on our Splunk app (so that it adheres to the latest version). We don't support multiple API keys and I dont think we have ever had that request before. If you wouldn't mailing the above address with some details, so that we know how to get hold of you.
In the meantime, ill bring it up with the folks this side and see if we can figure something out.
from canarytokens.
jayjb
commented on June 9, 2024
Closing this issue because the Thinkst Canary Add-on for Splunk doesn't apply here. We can route this to actual support for a Canary Customer (also the Splunk App has been updated recently so new issues to follow I'm sure)
from canarytokens.
Related Issues (20)
- Simple Typo Fix on Template HOT 1
- Thwarting Malware HOT 2
- Support Wildcard CORS Headers HOT 9
- Credit Card token (beta) not working HOT 3
- EH HOT 1
- [BUG] "Sensitive command hostname" & "Sensitive command username" or "Sensitive Command Information" missing from alerts HOT 9
- Ability to trigger token based on user
- [BUG] Web bug token serves images with html header HOT 1
- mail HOT 3
- Phone hack HOT 1
- Discord Webhook Support HOT 4
- [BUG] "An error has occurred: Internal Server Error" message when trying to create a credit card token HOT 6
- [BUG] error webhook sent with wrong content-type HOT 1
- Enable wildcard CORS support HOT 12
- [BUG] Unable to add Azure Logic App Webhook URL HOT 4
- [BUG] Microsoft Teams Webhook not functioning HOT 1
- Support IP2Location.io API HOT 4
- [BUG] AWS Keys will not generate with webhook or email HOT 1
- Windows folder token not working HOT 7
- Exploit - CSV Injection HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from canarytokens.