Hello
We are considering moving forward witha BigFix/Splunk integration. The internal team that owns the Splunk software only wants to see desktops that belong to Accounting and Finance. That is their sweet spot. I haven’t had any experience with this integration but I was wondering if a role could be configured on the BigFix side. We do have the ability in BigFix now to determine account and Finance machines.
Has anyone done the BigFix/Splunk integration? Curious how granular this can get?
paging @jmaple …
My recollection is the Splunk integration uses the REST API, so it can be set up in a very granular way. I would probably start with an approach of creating a Role that has no Action rights, and only Computer rights on your Accounting & Finance machines. Grant that role access to the REST API.
Create an Operator Account specifically for the Splunk integration and add it to that Role. Use that when configuring the Splunk integration, and Splunk would only retrieve properties for those computers.
If you’re retrieving any non-Global properties, your operator account/Role will also need Reader access to the sites containing any Analysis properties that you want to retrieve; and the Analyses may also need to be “Activated” under that Operator Account, if you’re using any locally-activated analyses.
Thank you this is helpful