Sending Cloudmersive Private Cloud Virus Scan API Scan Result Logs to Splunk
6/9/2025 - Cloudmersive Support
Customers can send Cloudmersive Virus Scan API scan logs to Splunk. This enables customers to view threat detections easily in Splunk. This is in addition to operational logs.
Requirements:
- The Splunk instance must be reachable on the network from your Cloudmersive Private Cloud servers
- Your Splunk instance must have an HTTP Event Collector configured on either HTTPS (recommended) or HTTP
- You must create a Splunk Access Token for Cloudmersive Private Cloud to connect to your server
- Cloudmersive Private Cloud connects directly to Splunk's HTTP Event Collector over HTTPS or HTTP, so there is no need for the Splunk Universal Forwarder
- The Cloudmersive Private Cloud server does not need to be restarted to enable logging
To enable this, follow these steps:
- Navigate to the Cloudmersive Management Portal and click on Private Cloud; select the relevant Cloudmersive Private Cloud node. We recommend starting with pre-production nodes first.
- Click on Configure Node and then Advanced Configuration.
- Enable Log Virus Scan Outcomes to Splunk and provide the Splunk URL to your Splunk HTTP Event Collector, which should look something like this: https://mydomain.splunkcloud.com:8088/services/collector. Also provide the Splunk Access Token. Click on Save Changes.
- Click on Push Configuration to push your configuration update in real time to your server.
Events should now begin flowing to Splunk. Generate events by virus scanning a file with the Virus Scan API. Now check your Splunk Index for events. Note that there could be an indexing delay as events are received by Splunk prior to them appearing in the index.
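If no events appear, the requirements above (network reachability, a working HTTP Event Collector, a valid token) can be checked from a Private Cloud server with the following added example, which is not Cloudmersive or Splunk code. It assumes Python 3 is available on that server; the function names and the SPLUNK_HEC_TOKEN environment variable are hypothetical, and the test event it sends will be indexed like any other event.

```python
import json
import os
import sys
import urllib.error
import urllib.request
from urllib.parse import urlparse


def check_hec_url(url):
    """Return a list of problems with a HEC URL before it is saved in the portal."""
    parts = urlparse(url)
    problems = []
    if parts.scheme not in ("http", "https"):
        problems.append("scheme must be https or http")
    elif parts.scheme == "http":
        problems.append("plain HTTP: token and scan results cross the network unencrypted")
    if not parts.hostname:
        problems.append("missing host")
    # The article's example URL ends in /services/collector; flag anything else.
    if not parts.path.rstrip("/").endswith("/services/collector"):
        problems.append("path should end in /services/collector")
    return problems


def send_test_event(url, token, timeout=5):
    """POST one constructed event to the HEC endpoint; return (ok, detail)."""
    body = json.dumps({"event": {"message": "HEC preflight test (constructed)"},
                       "sourcetype": "_json"}).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": "Splunk " + token, "Content-Type": "application/json"})
    try:
        # urllib verifies the server certificate, so an untrusted cert fails here.
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            reply = json.loads(resp.read())
    except urllib.error.HTTPError as err:  # reached Splunk, request refused
        return False, "HTTP %d: %s" % (err.code, err.read().decode(errors="replace"))
    except (urllib.error.URLError, OSError) as err:  # DNS, routing, firewall, TLS
        return False, "unreachable: %s" % err
    except ValueError:  # a 200 reply that is not JSON is not a HEC endpoint
        return False, "reply was not JSON"
    return reply.get("code") == 0, reply.get("text", "")


if __name__ == "__main__":
    # The token comes from the environment so it stays out of shell history.
    url, token = sys.argv[1], os.environ["SPLUNK_HEC_TOKEN"]
    for problem in check_hec_url(url):
        print("warning:", problem)
    print(send_test_event(url, token))
```

A result of `(True, 'Success')` means the URL and token are ready to enter in the portal; an `HTTP 403` detail points at the token, and `unreachable` points at the network path or the certificate.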