Splunk Integration

When customers configure splunk integration with insightVM does the account being used need to be an admin account or user account?

The Nexpose Technology Add-On for Splunk leverages the reporting data model and generation of reports to pull the data from the Nexpose/InsightVM console. Due to this, an admin account or an account with specific roles/access can be used. If using a non-admin role, I would recommend creating a new role with the following permissions:

  • View Site Asset Data
  • View Group Asset Data
  • Create Reports

Then create a new account, assign the role, and give the user account access to the necessary Sites/Asset Groups. Just remember, any sites listed in the Splunk configuration will need to be given access to this user. Hope this helps @ralvarez!