Splunk HEC Connector
This connector can be run in the cloud.
The Splunk HEC Connector allows you to forward Ivanti Neurons Audit data to a centralized Splunk Enterprise platform for seamless data analysis. By consolidating audit data in Splunk, you eliminate the need to manually check multiple systems. Once ingested, Splunk can correlate this data with other sources—such as firewall, server, and application logs—to provide comprehensive security insights and enhance threat detection and incident response.
To connect your Splunk Enterprise environment to the Neurons Platform, you must first enable the HTTP Event Collector (HEC) and create HEC tokens in Splunk Enterprise. For more information on how to set up HEC, see Splunk’s documentation. When you create a token, ensure that you select the Enable indexer acknowledgement checkbox.
Options
The Splunk HEC connector has the following options:
- Connector name: A name for the connector.
- HEC service collector base URL: Enter the base URL for your Splunk HEC endpoint. Ensure that the URL is in the following format: https://<splunkBaseURL>/services/collector.
- HEC Token: Enter the HEC token you created in your Splunk Enterprise environment. This token is required to authenticate and authorize the data sent from Ivanti Neurons. You must create the HEC token in Splunk Enterprise before you can enter it here.
- Repeats: How often Ivanti Neurons exports the audit data to your Splunk Enterprise environment.
- Active: Enable or disable the connector. When active, it exports data according to the defined schedule.
- Test Connections: Click this button to ensure that Ivanti Neurons can successfully connect to your Splunk Enterprise environment using the provided HEC service collector base URL.
- Click Save.
You can save the connector only after you successfully test the connection.
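A pre-flight check you can run before entering the values above, added here as an example (it is not Ivanti or Splunk code): it validates the base URL format and sends one test event over an acknowledgement channel, which a token with indexer acknowledgement enabled expects. The function names, the test event text and any host you pass in are assumptions of this example.

```python
import json
import uuid
import urllib.request
from urllib.parse import urlsplit

def check_hec_base_url(url):
    """Return a list of problems with a HEC base URL; an empty list means OK."""
    p = urlsplit(url.strip())
    problems = []
    if p.scheme != "https":
        problems.append("scheme must be https so the token is not sent in clear text")
    if not p.hostname:
        problems.append("missing host")
    if p.username or p.password:
        problems.append("do not embed credentials in the URL")
    if p.path.rstrip("/") != "/services/collector":
        problems.append("path must be /services/collector")
    if p.query or p.fragment:
        problems.append("no query string or fragment expected")
    return problems

def build_hec_requests(base_url, token, event, channel=None):
    """Build the event POST and a factory for the ack-status POST."""
    # With indexer acknowledgement on, each request carries a channel GUID.
    channel = channel or str(uuid.uuid4())
    base = base_url.strip().rstrip("/")
    headers = {"Authorization": f"Splunk {token}",
               "X-Splunk-Request-Channel": channel,
               "Content-Type": "application/json"}
    send = urllib.request.Request(base + "/event", method="POST", headers=headers,
                                  data=json.dumps({"event": event}).encode())
    def ack_query(ack_id):
        return urllib.request.Request(base + "/ack", method="POST", headers=headers,
                                      data=json.dumps({"acks": [ack_id]}).encode())
    return send, ack_query

def preflight(base_url, token, timeout=10):
    """Send one test event; return (ackId, indexed_yet). Needs network access."""
    problems = check_hec_base_url(base_url)
    if problems:
        raise ValueError("; ".join(problems))
    send, ack_query = build_hec_requests(base_url, token, "neurons connector preflight")
    with urllib.request.urlopen(send, timeout=timeout) as r:
        ack_id = json.load(r).get("ackId")
    if ack_id is None:
        raise RuntimeError("no ackId in response; check that indexer "
                           "acknowledgement is enabled on the token")
    with urllib.request.urlopen(ack_query(ack_id), timeout=timeout) as r:
        return ack_id, json.load(r)["acks"][str(ack_id)]
```

An `indexed_yet` value of `False` right after sending usually means the event has not been indexed yet, so query the ack again after a short wait before treating it as a failure.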
For details on configuring or using connectors, see Connectors.