SIEM Integration with Splunk

Pre-requisites

To begin integrating Enpass with Splunk, ensure that you have configured HTTP Event Collector (Splunk Documentation) and its following details:

• HTTP Event Collector
• Port
• Path
• Token

Configure Enpass Admin Console to Send Event Logs to Splunk

1. Log in to Enpass Admin Console
2. Go to Settings > Event Logs.
   
3. Go to Configure button under SIEM Integration Section.
   
4. Select Splunk and Continue.
   
5. Enter the previously generated Host, Port, Path and Token.
   
6. Now Click Verify & Save.

 

---

Related topics

• Getting started with Event Logs
• Splunk Documentation – HTTP Event Collector
• Splunk Documentation – SSL Configuration
• Splunk Firewall Configuration