When customers configure splunk integration with insightVM does the account being used need to be an admin account or user account?
The Nexpose Technology Add-On for Splunk leverages the reporting data model and generation of reports to pull the data from the Nexpose/InsightVM console. Due to this, an admin account or an account with specific roles/access can be used. If using a non-admin role, I would recommend creating a new role with the following permissions:
- View Site Asset Data
- View Group Asset Data
- Create Reports
Then create a new account, assign the role, and give the user account access to the necessary Sites/Asset Groups. Just remember, any sites listed in the Splunk configuration will need to be given access to this user. Hope this helps @ralvarez!