Solved

Integration with Splunk for A360 Cloud

  • 25 August 2023
  • 5 replies
  • 75 views

Badge +2

Hello, 

In the following topic, there was a comment that Cloud can also be integrated with Splunk starting with the (A360.25) version. Is my understanding from the release notes and documentation correct that integration is not yet available for Cloud?


Is there another way to send audit logs to Splunk if the above integration is not yet available in the cloud?

Syslog Server Integration
https://docs.automationanywhere.com/ja-JP/bundle/enterprise-v2019/page/enterprise-cloud/topics/control-room/administration/settings/cloud-syslog-config.html

Best answer by ravi.pothana 28 August 2023, 18:23

5 replies

Userlevel 2
Badge +8

Hi @Ryutata,

You can integrate A360 with SIEM: audit logs can be sent to analytics tools such as Splunk, QRadar, Sumo Logic, and ArcSight, and you can view audit logs on Splunk dashboards.

According to the release notes, Splunk integration is supported from version:
https://docs.automationanywhere.com/bundle/enterprise-v2019/page/enterprise-cloud/topics/release-notes/release-automation-360-v23.html

You have to add a Data input in Splunk and configure an instance to listen on a TCP/UDP port to capture the data. Once you have Splunk configured and ready, you can configure A360 with SIEM integration as below.

  1. Log in to the Control Room with Admin credentials and navigate to Settings -> Syslog.
  2. Add the Splunk Server Host, Port, and Protocol, and save.

Here is the documentation on Configuring integration with SIEM:
https://docs.automationanywhere.com/bundle/enterprise-v2019/page/enterprise-cloud/topics/control-room/administration/settings/cloud-siem-integration-configuration.html

Hope this helps!

Thanks. 

Userlevel 5
Badge +10

@Ryutata You have to install the Splunk forwarder into your control room server and configure the log path in the Splunk header…

Badge +2

Hi @ravi.pothana,

Thank you for letting me know.
Are SIEM integration features available in the cloud deployment model?

<Deployment model>
https://docs.automationanywhere.com/ja-JP/bundle/enterprise-v2019/page/enterprise-cloud/topics/security-architecture/cloud-automation-anywhere-enterprise-overview.html

Userlevel 2
Badge +8

Hi @Ryutata

Yes, SIEM integration features are available in cloud deployment. 


For the cloud deployment model, you have to ensure that the IP address of the cloud Control Room is whitelisted on the SIEM server, based on region, in the customer infrastructure.
https://docs.automationanywhere.com/bundle/enterprise-v2019/page/enterprise-cloud/topics/control-room/git-integration/cloud-git-whitelisted-nat-ips.html 

Thanks!
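
An added example, not part of the replies above and not taken from Automation Anywhere or Splunk documentation: a Splunk `inputs.conf` TCP input for the listener described in the first reply, restricted with `acceptFrom` to the Control Room addresses that the reply above says must be whitelisted. The port, index name, sourcetype and the 203.0.113.x addresses are placeholders; the real addresses for your region come from the linked page.

```ini
# $SPLUNK_HOME/etc/system/local/inputs.conf
# Added example; port, index and addresses are placeholders.

# Weak form (left commented out): with no acceptFrom setting the default is "*",
# so any host that can reach the port can write events into the index.
# [tcp://1514]
# sourcetype = syslog

# Restricted form: only the cloud Control Room addresses may connect.
# A port above 1024 lets splunkd bind it without running as root.
[tcp://1514]
# Placeholder addresses from the 203.0.113.0/24 documentation range.
acceptFrom = 203.0.113.10, 203.0.113.11
# Set the host field from the sender's IP instead of a reverse DNS lookup.
connection_host = ip
# Assumed index name; the index must already exist in Splunk.
index = a360_audit
sourcetype = syslog
```

The Port and Protocol entered under Settings -> Syslog in the Control Room have to match this stanza (TCP, 1514 in this sketch), and any perimeter firewall in front of the Splunk host needs the same source addresses allowed.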

Badge +2

Hi @ravi.pothana 
Thanks for letting me know. I really appreciate your help.
