This page provides step-by-step instructions for integrating Splunk Cloud with HackNotice, which will streamline the collection and analysis of cybersecurity data. Follow the steps and guidelines below to configure the integration efficiently.
NOTE: This article is for Splunk Cloud only. For Splunk On-Prem, please reach out to your HackNotice Representative.
Prerequisites
Before initiating the integration process, ensure that you have:
- Access to a valid Splunk account with administrative privileges.
- Credentials for your HackNotice account.
- Necessary permissions to configure data inputs in Splunk.
Integration Steps
- Accessing Splunk Settings
1.1 - Log in to your Splunk account using valid credentials.
1.2 - Navigate to the "Settings" tab within your Splunk dashboard.
1.3 - Click on "Data Inputs" to access the data input configuration settings.
- Adding HTTP Event Collector (HEC)
2.1 - Within the Data Inputs section, click on "+ Add new" in the HTTP Event Collector row.
2.2 - Provide a meaningful name for the token and proceed to the next step.
2.3 - Select the desired index for storing HackNotice data and click "Review."
2.4 - Review the configured settings and click "Submit" to confirm the creation of the HEC token.
- Retrieving HEC Token
3.1 - Upon successful submission of an HEC token, you will receive your HEC token value.
3.2 - The HEC URL can be obtained from your Splunk Cloud Environment.
- Configuring HackNotice Account
4.1 - Open HackNotice and navigate to "Business > Account > Account".
4.2 - Copy the previously obtained HEC token and paste it into the designated field for Splunk HEC Token.
4.3 - Copy the HEC URL from your Splunk Cloud Environment and paste it into the designated field for Splunk HEC URL.
4.4 - Click "Submit" to save the configuration.
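Before pasting the values in step 4, it helps to check that the HEC token and URL are well formed and to have a test event ready to confirm the token accepts data. The Python sketch below is an added example, not HackNotice or Splunk code; the host name and token are constructed placeholders, and it assumes the standard HEC JSON endpoint /services/collector/event and the "Authorization: Splunk <token>" header.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# HEC tokens are GUIDs (8-4-4-4-12 hex digits).
TOKEN_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
EVENT_PATH = "/services/collector/event"


def check_hec_settings(hec_url, hec_token):
    """Return a list of problems found in the URL/token pair (empty if none)."""
    problems = []
    parts = urlsplit(hec_url.strip())
    if parts.scheme != "https":
        problems.append("URL must use https so the token is not sent in clear text")
    if not parts.hostname:
        problems.append("URL has no host name")
    if parts.username or parts.password or parts.query:
        problems.append("URL must not embed credentials or query parameters")
    if not TOKEN_RE.match(hec_token.strip()):
        problems.append("token is not a GUID; check for truncation or stray characters")
    return problems


def build_test_event(hec_url, hec_token, index=None):
    """Build (without sending) a one-event HEC request for a smoke test."""
    problems = check_hec_settings(hec_url, hec_token)
    if problems:
        raise ValueError("; ".join(problems))
    # Post to the JSON event endpoint on the same host and port.
    url = "https://" + urlsplit(hec_url.strip()).netloc + EVENT_PATH
    payload = {"event": {"message": "HEC connectivity test"}, "sourcetype": "_json"}
    if index:
        payload["index"] = index  # must be an index the token may write to
    headers = {"Authorization": f"Splunk {hec_token.strip()}",
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(payload).encode("utf-8"),
                                  headers=headers, method="POST")


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real Splunk stack.
    req = build_test_event("https://http-inputs-example.splunkcloud.com:443",
                           "12345678-1234-1234-1234-123456789abc", index="main")
    print(req.get_method(), req.full_url)
```

To send the test event, pass the returned request to urllib.request.urlopen with a timeout; a working token and URL get the HEC reply {"text":"Success","code":0}.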