Integration guide for leveraging the security information and event management capabilities of your Splunk platform.
Deploy a Post-Account Login hook to send aggregated usage data from your customer-facing applications to Splunk using token-based access.
Splunk collects de-identified usage data from your applications so that you can search through event logs, receive security alerts, and troubleshoot configuration issues.
For more information about how Splunk collects and stores the data you share, and for examples, visit their knowledge base.
- Splunk cloud tenant
- New Splunk token
- Token value
- Strivacity application to apply and test the integration
- Identity store supporting 'USERNAME' identifiers
- At least one registered account in the test application's identity store
- Post-Account Login hook
- Sample Splunk integration code block from our hook repository: https://github.com/Strivacity/integrations/blob/master/hooks/splunk/post-account-login.hook.js
Create a Splunk token
1) Navigate to your Splunk cloud tenant: https://<domain>.splunkcloud.com/en-US/app/launcher/home
2) Go to Settings.
3) Go to Data inputs.
4) Click “New Token”.
5) Give your input a Name, for example, 'Strivacity'.
6) Choose the index you wish to emit events to from the “Select Allowed Index” chooser, for example, “main”.
7) Click 'Review'.
8) Review your settings, and click 'Submit'.
9) Copy the 'Token Value' string on the post submission page.
Create a Post-Account Login hook in Strivacity
1) In the Admin Console, go to Lifecycle Event Hooks.
2) Click 'Create Lifecycle Event Hook'.
3) Fill in the basic information:
- Name your new hook
- Add a description
- Select 'Pre-Registration' for the hook type
4) Save to continue.
5) Go to our repository to fetch the Post-Account Login hook we provide as a jumping-off point for integrating with Splunk.
6) Replace the default Post-Account Login code block with the hook code from the repository.
7) At SPLUNK_TOKEN, add the token value you have obtained from your Splunk tenant.
8) At SPLUNK_URL, add the domain of your Splunk cloud tenant without anything after it, for example:
9) Save your hook.
Implement additional logic you see fit.
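One way to sanity-check the values from steps 7 and 8 and shape the event before it leaves the hook. This is an added example, not the code from the Strivacity hook repository; the function names, the login fields, the sample values and the port (8088, Splunk's default HTTP Event Collector port) are assumptions.

```javascript
// Added example, not Strivacity's hook code; function and field names are hypothetical.
const HEC_PATH = '/services/collector/event'; // Splunk HTTP Event Collector JSON endpoint
const GUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i; // HEC token values are GUID-formatted
const HOSTNAME = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;

// Constructed sample values, for illustration only.
const SAMPLE_TOKEN = '12345678-1234-1234-1234-1234567890ab';
const SAMPLE_LOGIN = { username: 'alice', ip: '203.0.113.7', location: 'Budapest, HU', timestamp: 1700000000000 };

// Step 8 asks for the bare tenant domain: reject a scheme, port, path or query.
// Step 7 asks for the token value: reject a placeholder left in the code.
function validateConfig(splunkUrl, splunkToken) {
  const errors = [];
  if (typeof splunkUrl !== 'string' || !HOSTNAME.test(splunkUrl)) {
    errors.push('SPLUNK_URL must be a bare domain with nothing after it');
  }
  if (typeof splunkToken !== 'string' || !GUID.test(splunkToken)) {
    errors.push('SPLUNK_TOKEN does not look like a Splunk token value');
  }
  return errors;
}

// Build the HTTPS request for one login event. The port is an assumption; adjust for your tenant.
function buildHecRequest(splunkUrl, splunkToken, login, port = 8088) {
  const errors = validateConfig(splunkUrl, splunkToken);
  if (errors.length) throw new Error(errors.join('; '));
  return {
    url: `https://${splunkUrl}:${port}${HEC_PATH}`,
    method: 'POST',
    headers: { Authorization: `Splunk ${splunkToken}`, 'Content-Type': 'application/json' },
    body: JSON.stringify({
      time: Math.floor(login.timestamp / 1000), // HEC expects epoch seconds
      sourcetype: '_json',
      event: { action: 'login', username: login.username, ip: login.ip, location: login.location },
    }),
  };
}

// Copy of the request that is safe to write to hook logs: only the token's last 4 characters remain.
function redact(request) {
  const tail = request.headers.Authorization.slice(-4);
  return { ...request, headers: { ...request.headers, Authorization: `Splunk ****${tail}` } };
}

console.log(redact(buildHecRequest('tenant.splunkcloud.com', SAMPLE_TOKEN, SAMPLE_LOGIN)));
```

Log the output of `redact()` rather than the request itself, so the token value never lands in hook logs.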
Create a Strivacity application
1) Go to Applications and click 'Create Application'.
2) Add a name, description, and define the mandatory properties of the application.
3) Scroll down to Lifecycle Event Hooks and assign your Post-Account Login hook to your Strivacity test application to integrate with Splunk.
4) Save your changes.
Copy the test application's self-service URL.
Test your integration
1) Go to an incognito browser.
Make sure only one incognito window is open as multiple windows share session information.
2) Go to the self-service portal of the Strivacity application.
3) Log in with an existing account.
The login event, account, and session information (IP address, location data) will be dispatched to Splunk.