Configure the SIEM Tool Plugin for Integration between Splunk and Bomgar Privileged Access

In addition to the steps outlined in the Bomgar SIEM Tool Plugin Installation and Administration guide, the Splunk integration supports consumption of syslog output directly from the Bomgar Appliance.

All of the steps in this section take place in the Bomgar /appliance administrative interface.

Splunk Instance

  1. Target SIEM System: Select Splunk from the list.
  2. SIEM Syslog Host: Enter the hostname or IP address of the Splunk instance that should receive messages.
  3. SIEM Syslog Port: Enter the port used by the Splunk instance to receive syslog messages, usually port 1514.
  4. SIEM Syslog Protocol: Select the appropriate protocol from the list, usually UDP.
  5. Events to Process: Bomgar session data may contain many different event types. All types are available; however, only a subset may be desired in the SIEM tool. Select only the events you would like sent to Splunk. Events matching unchecked event types are ignored.
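
On the receiving side, Splunk needs a network input that matches the host, port, and protocol entered above. The following inputs.conf stanza is an added example, not taken from the Bomgar or Splunk documentation; the sender address, sourcetype, and index name are assumptions to replace with your own values.

```ini
# Added example for Splunk's inputs.conf.
# Matches the plugin settings above: syslog over UDP on port 1514.

# Minimal listener, shown commented out for comparison:
# it accepts datagrams from any source address.
# [udp://1514]
# sourcetype = syslog

# Restricted listener: same port and protocol, limited to one sender.
[udp://1514]
# Constructed address from the documentation range; replace it with the
# address of the host that sends the syslog messages.
acceptFrom = 192.0.2.10
# Record the sender's IP address as the host field instead of relying on
# a reverse DNS lookup.
connection_host = ip
# Hypothetical sourcetype and index names; use the ones your deployment defines.
sourcetype = bomgar:syslog
index = bomgar
```

Because UDP gives the sender no delivery confirmation, verify the path by triggering one of the selected event types and searching the target index for it.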