I see in the FAQ:
> Q: What components can I create using the SDK?
> A: For Sentinel, you can create Report plug-ins, Collectors, Actions, and
> Solution Packs. Solution Packs can contain Reports and Actions, plus
> other native Sentinel content such as correlation rules, workflows, etc.

I don't see integrators in that list; the SDK has a folder for
Integrators but it's basically empty. So just to be certain - Is there
any support for creating and building 3rd party Integrators? If not, is
there some supported alternate path?

I'm using the syslog integrator to forward events to a third party. The
issue I have is how the HOST field in the syslog header is generated;
the third party is expecting to see a constant value there for all
Sentinel-forwarded events (so that it can handle these messages
appropriately), even non-local ones. The current integrator doesn't seem
to support any configuration around that (we tried overriding APP_NAME
but the third-party app can't switch which field it looks at
apparently).

Thanks ahead of time for any info, even if it's just a confirmation that
it's unsupported.


--
albertchalegua
View this thread: https://forums.netiq.com/showthread.php?t=56962
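
An added example, not part of the original post and not Sentinel or SDK code: it shows where the HOST field sits in a syslog header relative to APP-NAME, and how a relay in front of the third party could set it to a constant. It assumes the forwarded messages carry an RFC 5424 or RFC 3164 header; the function name, the constant host value and the sample messages are constructed for illustration.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID ...
RFC5424 = re.compile(r"^(<\d{1,3}>\d{1,2} \S+ )(\S+)( .*)$", re.S)
# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: ...
RFC3164 = re.compile(
    r"^(<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} )(\S+)( .*)$", re.S)


def rewrite_host(message: str, constant_host: str):
    """Replace only the HOST/HOSTNAME field; return (new_message, original_host).

    PRI, timestamp, APP-NAME/TAG and the message body are left untouched.
    Raises ValueError for an invalid replacement or an unrecognised header,
    so a relay can drop or quarantine such input instead of guessing.
    """
    # RFC 5424 HOSTNAME: 1-255 printable US-ASCII characters, no spaces.
    if not re.fullmatch(r"[!-~]{1,255}", constant_host):
        raise ValueError("invalid HOSTNAME value")
    for pattern in (RFC5424, RFC3164):
        m = pattern.match(message)
        if m:
            return m.group(1) + constant_host + m.group(3), m.group(2)
    raise ValueError("not a recognisable syslog header")


if __name__ == "__main__":
    # Constructed sample messages (not captured from a real system).
    samples = [
        "<165>1 2003-10-11T22:14:15.003Z src1.example.com sentinel - ID47 - event A",
        "<13>Oct  1 22:14:15 src2 sentinel: event B",
    ]
    for s in samples:
        new, old = rewrite_host(s, "sentinel-fwd")
        print(f"{old!r} -> {new}")
```
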