Integrating Acunetix 360 with Splunk

Splunk is Security Information and Event Management (SIEM) software used to read and store machine-generated data.

Splunk aims to collect data such as operating system logs and antivirus events in a single central location to generate graphs, reports, and alerts. Integrating with Splunk helps you increase information security by letting you collect identified issues or vulnerabilities.

This article explains how to integrate Splunk with Acunetix 360.

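There are four stages:

  1. How to install Splunk
  2. How to configure Add-on settings
  3. How to configure input
  4. How to search for vulnerabilities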

Information

Acunetix 360 adopted a unified app strategy to simplify the installation process. You now use a single add-on package that supports both Splunk Enterprise (On-premises) and the Splunk Cloud platform.

How to install Splunk

1. First, locate the Netsparker Enterprise Add-on in Splunkbase: https://splunkbase.splunk.com/app/5511/

2. **For Splunk Enterprise:** Download the file and install it via Apps > Manage Apps > Install app from file.

3. **For Splunk Cloud:** Install the app directly via the Splunk Cloud web interface or request installation through Splunk Support.

4. Once the Invicti Enterprise add-on is installed, it should be configured to collect issues from the Invicti Enterprise API (see How to Configure Add-on Settings).

How to configure Add-on settings

The Add-on settings must be configured so that the add-on can authenticate to the API.

  1. In Splunk, navigate to Acunetix 360 Add-On, then Configuration.
  2. Select the Add-on Settings tab.
  3. Complete the Base URL, User ID, and Token fields. (The Base URL is the Acunetix 360 URL.)

Information

User ID and Token values can be found at API Settings.

  4. Click Save.

How to configure input

  1. In Splunk, navigate to the Acunetix 360 Add-On, then Inputs.
  2. To edit an existing Input, in the Actions column, select the Action dropdown, then the Edit link. (Alternatively, to create a new Input, select Create New Input.) The Update Vulnerability dialog is displayed.
  3. The Date Format should be equal to the value defined on the Change Account Settings page in Acunetix 360.
  4. In Splunk, the Website Group and Website fields are optional. (These values can be found on the Website Groups page in Acunetix 360.)
  5. Select Update (or Add).

How to search for vulnerabilities

Once the Add-on Settings and Input have been configured, Splunk starts to import data from the Acunetix 360 API.

  1. In Splunk, navigate to the Acunetix 360 Add-on, then select the Search tab to view the imported data.
  2. Select Data Summary. The Data Summary dialog is displayed.
  3. Select the Hosts, Sources, or SourceTypes tab to display issues.
