You can set up Wallarm to send notifications to Splunk for the following events:
- New user created
- Integration settings changed
- Vulnerability detected
- Network perimeter changed
Perform the following actions in the Splunk interface:
- Proceed to the Settings → Add data menu section.
- Select Monitor to proceed to the Select Source step.
- Select HTTP Event Collector and enter the integration name into the Name field. All other fields are optional.
- Press the Next button to proceed to the Input Settings step.
- On the Input Settings step, you can keep the default configuration and click the Review button.
- On the Review step, check the correctness of the configuration. Click the Submit button to confirm the settings and proceed to the Done step.
- The generated token is displayed in the Token Value field on the Done step. Copy it to the clipboard to enter it into the HEC Token field when later creating a Splunk integration in the Wallarm interface.
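Before pasting the token into Wallarm, you can confirm that Splunk accepts it by sending one test event to the HTTP Event Collector. The script below is an added example, not part of the Wallarm or Splunk documentation; it assumes the collector is reachable over HTTPS at the base URL you supply, and the environment variable names `SPLUNK_HEC_URL` and `SPLUNK_HEC_TOKEN` are hypothetical.

```python
import json
import os
import urllib.error
import urllib.request

# Splunk HEC endpoint for JSON events; the token travels in the Authorization header.
HEC_EVENT_PATH = "/services/collector/event"


def build_hec_request(base_url, token, event):
    """Build the POST that HEC expects, refusing to send the token in cleartext."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("HEC token must only be sent over HTTPS")
    body = json.dumps({"event": event}).encode("utf-8")
    return urllib.request.Request(
        base_url.rstrip("/") + HEC_EVENT_PATH,
        data=body,
        method="POST",
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"},
    )


def interpret_hec_reply(status, body):
    """Return (ok, detail) for an HEC HTTP status and response body."""
    try:
        reply = json.loads(body)
    except ValueError:
        reply = None
    if not isinstance(reply, dict):
        return False, f"HTTP {status}: reply is not HEC JSON, check URL and port"
    # HEC acknowledges an accepted event with HTTP 200 and "code": 0.
    ok = status == 200 and reply.get("code") == 0
    return ok, f"HTTP {status}: {reply.get('text', '')}"


def send_test_event(base_url, token, timeout=10):
    """Send one marker event; TLS certificates are verified by default."""
    req = build_hec_request(base_url, token, {"message": "HEC token check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return interpret_hec_reply(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return interpret_hec_reply(err.code, err.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    # SPLUNK_HEC_URL and SPLUNK_HEC_TOKEN are hypothetical variable names.
    print(send_test_event(os.environ["SPLUNK_HEC_URL"], os.environ["SPLUNK_HEC_TOKEN"]))
```

Reading the token from the environment keeps it out of shell history and the process list; a rejected token comes back as `False` together with the HTTP status and Splunk's own error text.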
Perform the following actions in the Wallarm interface:
- Proceed to the Integrations tab of the Settings section.
- Click the Splunk block or click the Add integration button and choose Splunk.
- Paste the token value generated in Splunk into the HEC Token field.
- Paste the URL of your Splunk instance into the API URL field. For example, if you are using Splunk Cloud, the URL should be similar to the following:
- Enter the integration name and select the event types you want to be notified of.
- Click Create.
Now notifications for events of the selected types will appear in Splunk.
- Go to your Wallarm account > Settings > Integrations by the link below:
- Select an integration and click Disable.
- Click Save.