Splunk HEC Connector

This connector can be run in the cloud.

The Splunk HEC Connector allows you to forward Ivanti Neurons Audit data to a centralized Splunk Enterprise platform for seamless data analysis. By consolidating audit data in Splunk, you eliminate the need to manually check multiple systems. Once ingested, Splunk can correlate this data with other sources—such as firewall, server, and application logs—to provide comprehensive security insights and enhance threat detection and incident response.

To connect your Splunk Enterprise environment to the Neurons Platform, you must first enable HEC and create HEC tokens in Splunk Enterprise. For more information on how to set up HEC, see Splunk’s documentation. When you create a token, ensure that you select the Enable indexer acknowledgement checkbox.

Options

The Splunk HEC connector has the following options:

  • Connector name: A name for the connector.
  • HEC service collector base URL: Enter the base URL for your Splunk HEC endpoint. Ensure that the URL is in the following format: https://<splunkBaseURL>/services/collector.
  • HEC Token: Enter the HEC token you created in your Splunk Enterprise environment. This token is required to authenticate and authorize the data sent from Ivanti Neurons. To get this token, you first have to create a HEC token within your Splunk Enterprise environment.
  • Repeats: How often Neurons exports the audit data to your Splunk Enterprise environment.
  • Active: Enable or disable the connector. When it is active, data is exported according to the defined schedule.
  • Test Connections: Click this button to ensure that Ivanti Neurons can successfully connect to your Splunk Enterprise environment using the provided HEC service collector base URL.
  • Click Save.

You can save the connector only after the connection test has succeeded.

See Connectors for details about configuring or using connectors.
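To check the same base URL and token outside the connector, the following added example (not Ivanti or Splunk code) validates the settings, sends one test event and queries its acknowledgement. It assumes Splunk's documented HEC `event` and `ack` endpoints under the base URL and the `channel` query parameter that acknowledgement-enabled tokens require; the function names are hypothetical.

```python
# Added example: pre-flight check for the HEC settings entered in the connector.
import json
import urllib.request
import uuid
from urllib.parse import urlsplit

def validate(base_url, token):
    """Return a list of problems with the settings; an empty list means OK."""
    problems = []
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        problems.append("URL must use https so the token is never sent in clear text")
    if not parts.hostname:
        problems.append("URL has no host")
    if parts.path.rstrip("/") != "/services/collector":
        problems.append("URL path must be /services/collector")
    if not token or token != token.strip() or " " in token:
        problems.append("token must be the bare value, without a 'Splunk ' prefix")
    return problems

def build_request(base_url, token, endpoint, channel, payload):
    """Build a HEC POST; the channel id is required once acknowledgement is on."""
    url = f"{base_url.rstrip('/')}/{endpoint}?channel={channel}"
    return urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Splunk {token}"})

def http_send(request):
    """Default transport: perform the request and decode the JSON reply."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

def check(base_url, token, send=http_send):
    """Send one test event and query its acknowledgement; returns (ack_id, indexed)."""
    problems = validate(base_url, token)
    if problems:
        raise ValueError("; ".join(problems))
    channel = str(uuid.uuid4())
    reply = send(build_request(base_url, token, "event", channel,
                               {"event": {"message": "HEC pre-flight test"}}))
    if "ackId" not in reply:
        raise RuntimeError("no ackId returned: indexer acknowledgement is not enabled on this token")
    ack_id = reply["ackId"]
    status = send(build_request(base_url, token, "ack", channel, {"acks": [ack_id]}))
    return ack_id, bool(status["acks"].get(str(ack_id)))
```

An acknowledgement status of false immediately after sending only means the event has not been indexed yet; query again after a short wait before treating it as a failure.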