Splunk

Integration guide for leveraging the security information and event management capabilities of your Splunk platform.

Objective

Deploy an 'After self-service login' hook that sends aggregated usage data from your customer-facing applications to Splunk using token-based access.

Overview

Splunk collects de-identified usage data from your applications to let you search through event logs, receive security alerts, and troubleshoot configuration issues.

📘

For more information about how Splunk collects and stores the data you share, and for examples, visit their knowledge base.

Prerequisites

General

  • Basic familiarity with Node.js, JavaScript, or similar languages

Splunk side

  • Splunk Cloud tenant
  • New Splunk token
    • Token value

Strivacity side

  • Strivacity application to apply and test the integration
  • Identity store supporting 'USERNAME' identifiers
  • At least one registered account in the test application's identity store
  • 'After self-service login' hook from the Splunk event hook plugin

Configuration steps

Create a Splunk token

  1. Navigate to your Splunk cloud tenant: https://<domain>.splunkcloud.com/en-US/app/launcher/home
  2. Go to Settings.
  3. Go to Data inputs.
  4. Click “New Token”.
  5. Give your input a Name, for example, 'Strivacity'.
  6. Choose the index you wish to emit events to from the “Select Allowed Index” chooser, for example, “main”.
  7. Click 'Review'.
  8. Review your settings, and click 'Submit'.
  9. Copy the 'Token Value' string on the post-submission page.

Create an 'After self-service login' hook from the Splunk plugin

Our plugin library contains an off-the-shelf Splunk event hook template that jumpstarts your integration process and allows you to customize it to your needs.

  1. In the Admin Console, go to Lifecycle Event Hooks.
  2. Click 'Add plugin'. You will be redirected to the plugin library.
  3. Click on the Splunk logo. You can find it in the Event and Log Streaming section.
  4. There will be a pre-select for the event hook, so you only need to click 'Add'.
  5. Wait for the Splunk hook template to be added.

🚧

If the Admin Console fails to add the hook, the name of the hook is most likely already taken. Click 'Edit' to modify the name of the event hook, then continue with 'Try again'.

  6. If the hook has been successfully added, you can return to the list view with 'Back to plugin library', then 'Back to event hooks'.

Customizing the event hook plugin

  1. Select the Splunk event hook you've just added.
  2. At SPLUNK_TOKEN, add the token value you have obtained from your Splunk tenant.
  3. At SPLUNK_URL, add the domain of your Splunk cloud tenant without anything after it, for example: https://<domain>.splunkcloud.com
  4. Click 'Save'. You can return to the event hooks with the 'Back to event hooks' button.

Implement any additional logic you see fit.
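
As an illustration of additional logic, the following added example (not the Strivacity plugin's own code) checks that SPLUNK_URL is a bare https origin as step 3 requires, forwards only an allowlist of login-event fields, and redacts the token before a request is logged. The function names and event field names are hypothetical, the sample values are constructed, and it assumes the Splunk HTTP Event Collector is reachable at /services/collector/event on the configured origin.

```javascript
// Added example, not the Strivacity plugin's code. Function names and the
// login-event field names are hypothetical; sample values are constructed.

// Accept only the bare https origin of the tenant, as step 3 requires.
function validateSplunkUrl(raw) {
  const u = new URL(raw); // throws on malformed input
  if (u.protocol !== 'https:') throw new Error('SPLUNK_URL must use https');
  if (u.username || u.password) throw new Error('SPLUNK_URL must not embed credentials');
  if (u.pathname !== '/' || u.search || u.hash) {
    throw new Error('SPLUNK_URL must not contain a path, query or fragment');
  }
  return u.origin;
}

// Fields forwarded to Splunk; everything else on the event is dropped.
const FORWARDED_FIELDS = ['eventType', 'username', 'ipAddress', 'location'];

function buildHecRequest(splunkUrl, token, loginEvent, index = 'main') {
  if (typeof token !== 'string' || !/^\S+$/.test(token)) {
    throw new Error('SPLUNK_TOKEN is empty or contains whitespace');
  }
  const event = {};
  for (const key of FORWARDED_FIELDS) {
    if (loginEvent[key] !== undefined) event[key] = loginEvent[key];
  }
  return {
    url: `${validateSplunkUrl(splunkUrl)}/services/collector/event`,
    method: 'POST',
    headers: { Authorization: `Splunk ${token}`, 'Content-Type': 'application/json' },
    body: JSON.stringify({ index, sourcetype: '_json', event }),
  };
}

// Copy of the request that is safe to write to hook logs.
function redactForLog(req) {
  return { ...req, headers: { ...req.headers, Authorization: 'Splunk [REDACTED]' } };
}

// Constructed sample input; sessionCookie is not on the allowlist and is dropped.
const sample = buildHecRequest(
  'https://example.splunkcloud.com/',
  '00000000-0000-0000-0000-000000000000',
  { eventType: 'login', username: 'alice', ipAddress: '203.0.113.7', sessionCookie: 'secret' },
);
console.log(redactForLog(sample));
```

Pasting the full launcher URL from the token-creation steps into SPLUNK_URL is rejected by validateSplunkUrl, which catches that misconfiguration before any event is sent.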

Create a Strivacity application

  1. Go to Applications and click 'Create Application'.
  2. Add a name, description, and define the mandatory properties of the application.
  3. Scroll down to Lifecycle Event Hooks and assign your 'After self-service login' hook to your Strivacity test application to integrate with Splunk.
  4. Save your changes.

Copy the test application's self-service URL.

Test your integration

  1. Go to an incognito browser.

📘

Make sure only one incognito window is open as multiple windows share session information.

  2. Go to the self-service portal of the Strivacity application.
  3. Log in with an existing account.

📘

The login event, account, and session information (IP address, location data) will be dispatched to Splunk.