Install
Perform the following tasks to install and configure the Anvilogic app.
Ensure Connectivity
The server must be able to connect to https://secure.anvilogic.com over port 443.
Download the App
Download the Anvilogic App from the platform at https://secure.anvilogic.com -> Admin Settings -> Download Anvilogic App.
Install the App
Install the app on your server, preferably the server that has access to security indexers/data. This requires a restart.
Create Index
Create an index named "anvilogic". This name is recommended, but you can change it to match any naming standards you have.
Assign Roles
Assign the avl_admin role to yourself and to anyone else participating in the pilot. App roles and descriptions are in the attached document for reference.
Create HEC Token
Create a HEC token that can write to the anvilogic index that was created. Ensure the search head has network connectivity to the box that has the HEC Collector enabled.
For Splunk Cloud Customers: Splunk Cloud Enterprise Security customers will have to allow IPs to send to the Splunk Cloud HEC endpoint on port 443. This setting still requires a HEC token for authentication and is often used by customers to send data to Splunk Cloud from multiple devices with changing IPs, such as mobile devices.
Instructions on how to do this: https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/Config/ConfigureIPAllowList
This should only be required if the Anvilogic App is installed on a Splunk Cloud Enterprise Security Search Head and you have a Splunk Cloud non-Enterprise Security Search Head.
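A preflight check for the connectivity and HEC token steps above, as an added example that is not part of the Anvilogic or Splunk documentation. It assumes curl is installed; HEC_URL and HEC_TOKEN are placeholders for your own HEC base URL and token, and the codes it interprets are the ones Splunk HEC returns in its JSON replies.

```shell
#!/bin/sh
# Added example: preflight for the install steps above. HEC_URL and HEC_TOKEN
# are values you supply (assumptions); AVL_INDEX defaults to the page's index name.
AVL_URL="https://secure.anvilogic.com"
AVL_INDEX="${AVL_INDEX:-anvilogic}"

# JSON body for one HEC test event addressed to the given index.
hec_payload() {
  printf '{"event":"anvilogic install preflight","index":"%s"}' "$1"
}

# Map a HEC JSON response to the install step that needs attention.
hec_diagnose() {
  code=$(printf '%s' "$1" | tr -d '[:space:]' |
    sed -n 's/.*"code":\([0-9][0-9]*\).*/\1/p')
  case "$code" in
    0) echo "ok" ;;
    1|2|3|4) echo "token" ;;      # disabled, missing or invalid token
    7) echo "index" ;;            # token may not write to this index
    "") echo "no-response" ;;     # nothing parseable came back
    *) echo "other:$code" ;;
  esac
}

# Step "Ensure Connectivity": any HTTP response over TLS on 443 counts.
check_anvilogic() {
  curl -sS -o /dev/null --max-time 10 "$AVL_URL"
}

# Step "Create HEC Token": send one event. The header is passed on stdin
# (curl 7.55+) so the token does not appear in the process list.
send_test_event() {
  printf 'Authorization: Splunk %s\n' "$HEC_TOKEN" |
    curl -sS --max-time 10 -H @- -d "$(hec_payload "$AVL_INDEX")" \
      "$HEC_URL/services/collector/event"
}

main() {
  : "${HEC_URL:?set HEC_URL to the HEC base URL}" "${HEC_TOKEN:?set HEC_TOKEN}"
  check_anvilogic && echo "anvilogic: reachable" || echo "anvilogic: unreachable"
  result=$(hec_diagnose "$(send_test_event 2>/dev/null)")
  echo "hec: $result"
  [ "$result" = "ok" ]
}

# Run the network checks only when asked, e.g.: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

A result of "index" means the token exists but is not permitted to write to the index created earlier; "no-response" covers network and TLS failures, including a HEC certificate that curl does not trust.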