Integrating Splunk Cloud with Secret Server

Integrating Secret Server event data with Splunk SIEM solutions can give organizations deep insight into privileged account usage (such as Windows local administrator, service or application accounts, UNIX root accounts, Cisco enable passwords, and more). Together, these tools provide secure access to privileged accounts and greater visibility to meet compliance requirements and detect internal network threats.

Splunk Cloud Platform enables you to search, analyze, and visualize the data gathered by your Secret Server instance. By using the data in Splunk, you can perform real-time event analysis and gain visibility into the use of the privileged account data in Secret Server.

Currently, the integration with Splunk Cloud Platform is available only for Secret Server On-Premises.

For information about the integration prerequisites, setting up and configuring this integration, see the following topics:

• Prerequisites. Lists the requirements for the integration.

• Setup. Provides information on how to set up event forwarders in Splunk Cloud Platform.

• Configuration. Provides information on how configure Secret Server for the integration.

• Verification. Provides information on how to access Secret Server events in Splunk and how to filter them.