Skip to content

Splunk

You can set up Wallarm to send alerts to Splunk when the following events are triggered:

  • Hits detected

  • System related: newly added users, deleted or disabled integration

  • Vulnerabilities detected

  • Scope changed: updates in hosts, services, and domains

Setting up integration

In Splunk UI:

  1. Open the SettingsAdd Data page and select Monitor.

  2. Select the HTTP Event Collector option, enter an integration name and click Next.

  3. Skip choosing the data type at the Input Settings page and continue to Review Settings.

  4. Review and Submit the settings.

  5. Copy the provided token.

In Wallarm UI:

  1. Open SettingsIntegrations tab.

  2. Click the Splunk block or click the Add integration button and choose Splunk.

  3. Enter an integration name.

  4. Paste the copied token into the HEC token field.

  5. Paste HEC URI and the port number of your Splunk instance into the HEC URI:PORT field. For example: https://hec.splunk.com:8088.

  6. Choose event types to trigger notifications. If the events are not chosen, then Splunk alerts will not be sent.

  7. Click Add integration.

Splunk integration

Updating integration

To update the settings of active integration:

  1. Go to your Wallarm account → SettingsIntegrations in the EU or US cloud.

  2. Open an active integration.

  3. Make required changes and click Save.

Disabling integration

To stop sending reports and notifications temporarily, you can disable the integration:

  1. Go to your Wallarm account → SettingsIntegrations in the EU or US cloud.

  2. Open an active integration and click Disable.

To re-enable sending reports and notifications, open the disabled integration and click Enable.

Deleting integration

To stop sending reports and notifications permanently, you can delete the integration. Deleting an integration cannot be undone. The integration will be removed from the list permanently.

  1. Go to your Wallarm account → SettingsIntegrations in the EU or US cloud.

  2. Open integration and click Delete.

  3. Confirm the action.