Check splunk connected with theHive

[MohammadTtay]

Request Type

Help Wanted

Problem Description

theHive deployed on first server and i can access it like this : http://ip:9000 how can i connect my splunk on second server to theHive

If I want to explain in detail : I have created an account for theHive .Then i have taken an API in my theHive and set the API as password of my account in this TA as in doc said . can you help me in detail ?

[LetMeR00t]

Hi @MohammadTtay I don’t get your point sorry Isn’t adding a new instance what you want ?

[MohammadTtay]

Yes i do . I just want to connect an instance But I dont know how? Actually i cannot be sure that my instance connected or not Can you explain for me in detail ?

[LetMeR00t]

As soon as you have added it in the Instances lookup as shown, you can go in the dashboard used to get the alerts or the cases in the navigation bar. When selecting your instance in the dashboard using the corresponding input, you shall have the results shown in the dashboard. If not (nothing shown and a little warning/error appears in the panels of the dashboard), check the « Audit Logs » dashboard for any error or check the job logs in details to find any error.

[LetMeR00t]

Hello @MohammadTtay Any update on this ? Thank you

[MohammadTtay]

I should get certificate for my server which thehive running on it ?

[LetMeR00t]

Hello I don’t get your point, did you have any log useful to determine what is the issue ? Thank you