Configure proxy server settings in Splunk Enterprise Security
Configure a proxy in Splunk Enterprise Security to create threat lists and extract and customize intelligence data.
If your Splunk Enterprise Security deployment receives data from threat intelligence platforms through a proxy, you must apply the same proxy server settings to all the [threatlist] stanzas in the inputs.conf configuration file. Use Splunk Enterprise Security to configure the proxy server settings for all [threatlist] stanzas.
The proxy settings only impact data source integrations present within the Splunk Enterprise Security app. Data source integrations from the threat intelligence management (cloud) system provide data directly to the data source platforms.
Follow these steps to configure a proxy:
- In Splunk Enterprise Security, select Configure and then Intelligence.
- In the Threat intelligence management section, select Proxy and parser settings.
- Use the following table to configure the proxy server settings:
Setting Description Example Proxy server Proxy server IP address The proxy server cannot be a URL. For example, 10.10.10.10orserver.example.com.Proxy port Port to access the proxy server 8956Proxy user Proxy user credential for the proxy server. Only basic and digest authentication methods are supported.
The user must correspond to the name of a credential stored in Credential management. This is a required field.Proxy user realm Splunk Enterprise Security secure storage realm of the corresponding proxy user. Used to build the ID of the Splunk Enterprise secure storage array. (Optional) This value is different from remote site credentials.
See also
For more information on threat intelligence sources, see the product documentation:
| Overview of threat intelligence in Splunk Enterprise Security | Configure threat intelligence sources in Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0
Download manual
Feedback submitted, thanks!