Installation and Configuration

Installation Steps

Step 1: Install the Add-on

Install the DB CyberTech TA by downloading the latest release from DB Cybertech Add-on. Or if you want to test beta code, from Github

Configure TA-DB_CyberTech

Note

Configuring Recieve Time When using older versions (pre 4.2.4), you may need to adjust the timestamp sourcing in the TA. On supported messages the time reciept is sourced from a field within the message rt. This field is a unix timestamp in seconds since epoch at the time the message is generated within the DBC-Security product. This will give you the most accurate time stamp for these events. However, on older versions, this field is missing from some syslog messages. This is a known bug and is fixed in future versions. In the meantime, please adjust the time_format and time_prefix fields in the props.conf to match the timestamp format used by your splunk interpreter to instead use recieved time.

Step 2: Associate input with TA

After installation, you’ll need to associate your incoming data with the Add-on’s sourcetype. This will apply the add-on’s transforms and settings to the data stream. Do this through the add data UI. For sourcetype, use dbn. You can then associate the traffic with either the DB Cybertech Add-on or App if you’re using it.