
Splunk SIEM Integration Setup


Splunk SIEM is a cloud-based security solution that detects threats in real time and analyzes event and incident log data from all security tools. miniOrange provides secure access and full control to Splunk for enterprises and applications. This guide walks you through configuring Splunk.


Get Free Installation Help


miniOrange offers free help through a consultation call with our System Engineers to set up SIEM integration with your Splunk instance in your environment, with a 30-day free trial.

To book a slot, just send us an email at idpsupport@xecurify.com and we'll help you in no time.



1. Enable HTTP Event Collector (HEC)

  • Log in to Splunk Web as admin.
  • Navigate to Settings >> Data Inputs.

  • Select HTTP Event Collector.

  • Click the New Token button.

  • Configure:
    • Name: AuditLogIntegration (any name of your choice)
    • Source type: _json (can be left as Automatic)
    • Index: e.g., main (can be left as Default)

  • Finish and copy the Token Value.

2. Configure Splunk in miniOrange

  • Log in to the admin dashboard and select SIEM Management from the side menu.

  • Click on Configure and select Splunk.

  • Provide the display name, the API Key (the HEC token copied from step 1), and the Endpoint URL (https://<SPLUNK_HOST>:8088/services/collector/event).

  • Save SIEM configuration.
  • Now enable Activate to start sending audit logs to Splunk.


    Note:

    The superadmin can also activate the SIEM tool for customers using the Manage Activation options. The admin can either activate the SIEM tool for all customers using the Activate For All Customers option, or activate it for individual customers using the Manage Activation option, available under the Actions menu by clicking the three dots.
    Please follow this guide to learn more.



  • Select Activate For All Customers:
    • The superadmin can toggle Activate For All Customers to enable the SIEM tool for all tenants in one action.

  • Select Manage Activation:
    • The superadmin can use Manage Activation to selectively enable the SIEM tool for individual customer accounts.

3. Validate Data in Splunk

  • Go to the Search & Reporting app.
  • Run the query: index=main source="AuditLogIntegration" (the HTTP Event Collector name from step 1)
  • Confirm logs appear as expected.
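
If no logs appear, it helps to check the HEC token and Endpoint URL independently of miniOrange. The following is an added example, not miniOrange or Splunk code: it posts one constructed test event to the endpoint from step 2 and interprets the HEC reply. The environment variable names, the event fields, and the function names are assumptions made for this example.

```python
import json
import os
import ssl
import urllib.error
import urllib.request

# Subset of the reply codes Splunk documents for HEC.
HEC_CODES = {0: "Success", 1: "Token disabled", 2: "Token is required",
             3: "Invalid authorization", 4: "Invalid token", 5: "No data",
             6: "Invalid data format", 7: "Incorrect index"}


def build_hec_request(host, token, event, index="main", sourcetype="_json", port=8088):
    """Build (but do not send) the POST to the Endpoint URL from step 2."""
    url = f"https://{host}:{port}/services/collector/event"
    body = json.dumps({"event": event, "index": index, "sourcetype": sourcetype})
    headers = {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")


def interpret_hec_reply(status, body):
    """Map an HEC HTTP status and JSON body to (ok, message)."""
    try:
        code = json.loads(body).get("code")
    except (ValueError, AttributeError):
        return False, f"HTTP {status}: non-JSON reply"
    text = HEC_CODES.get(code, f"code {code}")
    return status == 200 and code == 0, f"HTTP {status}: {text}"


def send_test_event(host, token, ca_file=None):
    """Send one constructed event. Certificate verification stays enabled;
    pass ca_file when Splunk uses a certificate from a private CA."""
    ctx = ssl.create_default_context(cafile=ca_file)
    event = {"action": "hec_preflight", "note": "constructed test event"}
    req = build_hec_request(host, token, event)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return interpret_hec_reply(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # HEC reports rejections as 4xx/5xx
        return interpret_hec_reply(err.code, err.read())


if __name__ == "__main__":
    # SPLUNK_HOST, SPLUNK_HEC_TOKEN, SPLUNK_CA_FILE are assumed variable names.
    print(send_test_event(os.environ["SPLUNK_HOST"], os.environ["SPLUNK_HEC_TOKEN"],
                          os.environ.get("SPLUNK_CA_FILE")))
```

A reply of "HTTP 200: Success" means Splunk accepted the event, which can then be found in Search & Reporting with index=main "hec_preflight". Reading the token from the environment keeps it out of shell history and script files.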