Getting the app

GitHub

Download the latest app tarball (neuvector_app.tar.gz) from the neuvector/neuvector-splunk-app repository.

Splunkbase

Download the latest app tarball from Splunkbase.

Splunk Apps Browser

In the Splunk UI, click on the Apps dropdown, click "Find More Apps", then search for NeuVector Splunk App.

Installation and setup

Install the app by either uploading the tarball or following the Splunkbase prompts.

1. config syslog in NeuVector UI

goto Settings -> Configuration -> Syslog

a. set the server value as the IP address that the Splunk is runninng at
b. choose TCP as the protocol
c. set port number as 10514
d. choose Info Level
e. click SUBMIT to save the setting

2. You can config multiple nodes to send syslog to your splunk instance and your splunk instance will receive these syslogs in real time.

FAQs

What user role is required?

Any user role.

Screenshots

Image Vulnerabilities

Admission Control and Security Events

Network Violations by Pod/Service (Deployments)

Egress Connection Summary

NeuVector Login Activity Dashboard

Change notes

January 06, 2021 - v1.1.0

• add east-west network violations

December 01, 2021 - v1.0.0

• add NeuVector dashboard