Minimum Requirements

      a. Installation of Pulse and a user account with Admin privilege.
      b. Credentials for Pulse API access (contact the support to obtain credentials).
      c. Installation of Splunk Enterprise (6.4 or later) and a user account with Administrator privileges.
      d. The Pwnie Express PwnPulse Technology Add-On from SplunkBase.

Enabling Integration

  1. Download the Pwnie Express PwnPulse Technology Add-On from SplunkBase at https://splunkbase.splunk.com/app/3725/
  2. Log in to Splunk Enterprise.
  3. On the Apps menu, click Manage Apps.
  4. Click Install app from file.
  5. In the Upload app window, click Choose File.
  6. Locate the .tar.gz file you downloaded from Step One, and then click Open or Choose depending on your browser.
  7. Click Upload. Afterward, click Restart Splunk, and then confirm that you want to restart.
  8. After Splunk is restarted, log in, and select the Pwnie Express PwnPulse add-on from Splunk Home.
  9. Under Configuration, select the Add-on Settings tab.
  10. Next, provide the Pulse API URL to be api.pwnieexpress.net and provide the credentials, i.e. API Access Key and API Secret Key. When complete, click the Save button.
  11. To verify the add-on is installed properly, select Inputs for the add-on and the following categories should be displayed:

    • Alerts
    • BlueToothDevices
    • NetworkHost, Scripts
    • Sensors
    • TaskSchedules
    • WirelessAccessPoints
    • WirelessClients.

  12. Finished.

At this time, Splunk will begin acquiring information from Pulse, but depending on the volume of data being initially retrieved, this might take anywhere between 5-60 minutes before data is
displayed on the Dashboard in Splunk Enterprise.

Important

If an hour has passed and the Splunk Dashboard fails to reflect any data, please acquire the
/opt/splunk/var/log/splunk/ta_pulse_pwnpulse_api.log log file from Splunk and contact
support@pwnieexpress.com for assistance.