0 introduction, 1 scope of document, 2 prerequisites – HID Splunk and AAA Server User Manual

ActivIdentity 4TRESS AAA and Splunk | Integration Handbook

P 4

External Use | August 24, 2012 | © 2012 ActivIdentity

1.0 Introduction

Splunk® is a software used to search, monitor and analyze machine-generated data by applications, systems,

and IT infrastructure at scale via a Web-style interface. Splunk captures, indexes, and correlates real-time data in

a searchable database from which it can generate graphs, reports, alerts, dashboards and visualizations.

Splunk aims to make machine data accessible across an organization, identify data patterns, provide metrics,

diagnose problems, and provide intelligence for business operations. Splunk is a horizontal technology used for

application management, security and compliance, as well as business and Web analytics.

The Splunk for ActivIdentity® 4TRESS AAA is a set of field extractions, reports, lookups and dashboards which

provide visibility into the 4TRESS authentication and audit data.

ActivIdentity offers two solutions:

•

ActivIdentity 4TRESS AAA Server for Remote Access—Addresses the security risks associated with

a mobile workforce remotely accessing systems and data.

•

ActivIdentity 4TRESS Authentication Server (AS)—Offers support for multiple authentication methods

that are useful for diverse audiences across a variety of service channels (SAML, Radius, etc.),
including user name and password, mobile and PC soft tokens, one-time passwords, and transparent
Web soft tokens.

1.1

Scope of Document

This document explains how to set up ActivIdentity 4TRESS AAA with Splunk. Use this handbook to generate

graphs, reports, and a dashboard on ActivIdentity 4TRESS AAA solutions.

This handbook covers only the Windows® Splunk version. Configuration is similar for other systems.

1.2

Prerequisites

•

The ActivIdentity 4TRESS AAA Server is up-to-date (v6.7)

•

Splunk version 4.3.x