Integrating Splunk Enterprise with Secret Server

Integrating Secret Server event data with Splunk SIEM solutions can give organizations deep insight into privileged account usage (such as Windows local administrator, service or application accounts, UNIX root accounts, Cisco enable passwords, and more). Together, these tools provide secure access to privileged accounts and greater visibility to meet compliance requirements and detect internal network threats.

Splunk Enterprise software enables you to search, analyze, and visualize the data gathered by your Secret Server instance. By using the data in Splunk, you can perform real-time event analysis and gain visibility into the use of privileged account data in Secret Server.

After the data source is defined, Splunk Enterprise indexes the data stream and parses it into a series of individual events that you can view and search.

This integration is designed for Secret Server with Splunk Enterprise. For the Delinea Platform, the integration is available for both Splunk Cloud and Splunk Enterprise. For more information, refer to the Integrating Splunk Enterprise with the Delinea Platform and Integrating Splunk Cloud with the Delinea Platform.

For more information about this integration, see the following topics:

• Prerequisites. Lists the requirements for the integration.

• Setup. Provides information on how to set up Secret Server to forward data to Splunk.

• Configuration. Provides information on how to configure logging settings in Secret Server.

• Verification. Provides information on how to access Secret Server events in Splunk and how to filter them.