Configuration

To configure the app:

  1. Log in to the Splunk WebUI.
  2. Go to the app configuration page:
    • Click the name of the add-on in the left navigation panel of the Home page.

      Or

    • Go to Manage Apps > Launch app in the row for Check Point Response Add-on for Splunk.
  3. Click Configuration > Server > Add.
  4. Enter the appropriate details in the Add Server window. See the table below for the configuration inputs.
  5. Click Add.

| Input | Required | Description |
|---|---|---|
| Name | Yes | Unique name for the server. |
| Server Group Name | Yes | Group name (case sensitive) for the server. It can be the same for multiple servers. Users can select this group name while configuring an alert action to upload to all the servers of the group. |
| Server OS | Yes | Operating system of the server. |
| Server IP/Hostname | Yes | IP or hostname of the server. |
| Port Number | No | Port to use for file transfer. Defaults to 22 if nothing is specified (not needed if the server OS is Windows). |
| Domain | No | Domain to which the server belongs (only if the server OS is Windows). |
| Authentication Mechanism | Yes | Authentication mechanism used to connect to the server. |
| Username | Yes | Username of the server. |
| Password/Passphrase | No | Password for the username specified or passphrase for the key. |
| Key File Path (Local) | No | Path to the private key file. The specified path should be on the local machine where the app is configured. |
| Upload Path | Yes | Path on the server where the user wants to upload the IOC (threat indicator) file. |

Note - To validate the parameters provided, the app uploads a sample text file named splunk_test_file_transfer.txt to the destination server at the specified location.