Integrating Splunk Cloud
Splunk Cloud is a cloud-based security orchestration, automation, and response system. It integrates security infrastructure orchestration, playbook automation, and case management capabilities.
You can integrate Splunk Cloud with the Delinea Platform by using webhooks.
Prerequisites
Ensure you have all the required accounts and utilities before starting the integration:
- Admin account with federation privileges on the Delinea Platform
- Admin account in Splunk Cloud
Configuring Splunk Cloud
To integrate with Splunk Cloud, you must create an HTTP Event Collector, which allows you to send data and application events to a Splunk deployment over the HTTP and Secure HTTP (HTTPS) protocols. For more details, see the official Splunk documentation.
Creating an HTTP Event Collector in Splunk Cloud
To create an HTTP Event Collector:
- Log in to Splunk Cloud as an Administrator.
- Select the Settings tab, then select Add Data.
- Select Monitor.
- In the dialog, select HTTP Event Collector.
- Fill in the form for the new HTTP Event Collector.
- Click Next > Preview.
- Verify the details for the newly created HTTP Event Collector and select Submit.
- Go back to Settings and select Data inputs.
- Choose your HTTP Event Collector and copy its token value.
Configuring Webhooks on the Delinea Platform
This section explains how to configure webhooks to work with Splunk Cloud. For more details about the concepts and general procedures in this section, see Webhooks Management.
Creating a Webhook
To create a webhook:
- Log on to the Delinea Platform.
- From the left navigation menu, select Settings > Webhooks.
- In the Create Webhook dialog, complete the following fields:
  - Name: Enter a unique name for the webhook to help identify it in your system.
  - Endpoint URL: The URL of your Splunk Cloud instance.
  - Description: Enter a brief description of the webhook to provide context about its specific function.
  - Webhook State: Use the checkbox to enable or disable the webhook. Checking it makes the webhook active; unchecking it disables notifications.
  - Triggers: Choose Service, Level, and Event Type for your webhook subscription to receive notifications and add the Target to triggers.
  - Key: The name of the header you want to add. It serves as an identifier for the data you are sending in the header.
  - Value: The value associated with the header key. It is the data you intend to send with the webhook request under the specified header key.
- Provide other required details, then click Save.
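The following pre-flight check for the Endpoint URL, Key, and Value fields is an added example, not part of the Delinea or Splunk documentation. It assumes the header carries the HTTP Event Collector token in Splunk's documented form (Authorization: Splunk <token>); the host name, the token, and the function names check_webhook and build_test_request are constructed for illustration.

```python
import json
import re
import urllib.request
from urllib.parse import parse_qs, urlsplit

# Assumption: HEC tokens created in Splunk Web are GUIDs.
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
HEC_PATHS = ("/services/collector", "/services/collector/event", "/services/collector/raw")


def check_webhook(endpoint_url, header_key, header_value):
    """Return a list of problems with the values entered in the webhook form."""
    problems = []
    url = urlsplit(endpoint_url)
    if url.scheme != "https":
        problems.append("endpoint must use https so the token is not sent in clear text")
    if url.path.rstrip("/") not in HEC_PATHS:
        problems.append("endpoint path is not an HEC collector path")
    if "token" in parse_qs(url.query) or url.username:
        problems.append("keep the token out of the URL; send it in the header")
    if header_key.lower() != "authorization":
        problems.append("header key should be Authorization")
    auth_scheme, _, token = header_value.partition(" ")
    if auth_scheme != "Splunk" or not GUID.match(token):
        problems.append("header value should be 'Splunk <token>'")
    return problems


def build_test_request(endpoint_url, header_key, header_value, event):
    """Build (but do not send) the POST that HEC expects for one JSON event."""
    problems = check_webhook(endpoint_url, header_key, header_value)
    if problems:
        raise ValueError("; ".join(problems))
    body = json.dumps({"event": event, "sourcetype": "_json"}).encode()
    return urllib.request.Request(
        endpoint_url, data=body, method="POST",
        headers={header_key: header_value, "Content-Type": "application/json"})


if __name__ == "__main__":
    URL = "https://http-inputs-example.splunkcloud.com:443/services/collector/event"  # constructed host
    VALUE = "Splunk 00000000-0000-4000-8000-000000000000"  # constructed token
    req = build_test_request(URL, "Authorization", VALUE, {"msg": "webhook check"})
    print(req.get_method(), req.full_url, sorted(req.header_items()))
    # urllib.request.urlopen(req, timeout=10) would send it; HEC answers
    # {"text":"Success","code":0} when the token is accepted.
```

Treat the token like a password: anyone who holds it can write events into the index that the collector targets.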
Testing Webhooks on the Delinea Platform
You can test your webhook to verify that the destination URL is correct and the connection is successful.
To test a webhook:
- From the left navigation menu, select Settings > Webhooks.
- Open the webhook and select Action > Test Webhook.
Verifying Splunk Cloud Integration with the Delinea Platform
To confirm that the first connection between the services is successful, you can generate log files and check the integration between Splunk Cloud and the Delinea Platform.
Verifying Integration in Splunk Cloud
To verify Delinea Platform integration with Splunk Cloud:
- Log in to Splunk Cloud as an Administrator.
- In the Search field, enter a query such as index=*
- Select the search icon to verify logs from the platform.
You should see the latest log files.
Verifying Integration on the Delinea Platform
Based on a webhook test result, you can check the log files. For more details, see Webhooks Logs.