Splunk Notifications

You can set up Wallarm to send notifications to Splunk for the following events:

  • System-related:
    • new user created
    • integration settings changed
  • Vulnerability detected
  • Network perimeter changed
  • Hit detected

Setting up Notifications

Perform the following actions in the Splunk interface:

  1. Proceed to the Settings → Add data menu section.

  2. Select Monitor to proceed to the Select Source step.

  3. Select HTTP Event Collector and enter the integration name into the Name field. All other fields are optional.

  4. Press the Next button to proceed to the Input Settings step.

  5. On the Input Settings step, you can keep the default configuration and click the Review button.

  6. On the Review step, check the correctness of the configuration. Click the Submit button to confirm the settings and proceed to the Done step.

  7. The generated token is displayed in the Token Value field on the Done step. Copy it to the clipboard to enter it into the HEC Token field when later creating a Splunk integration in the Wallarm interface.

Perform the following actions in the Wallarm interface:

  1. Proceed to the Integrations tab of the Settings section.

  2. Click the Splunk block or click the Add integration button and choose Splunk.

  3. Paste the token value generated in Splunk into the HEC Token field.

  4. Paste the URL of your Splunk instance into the API URL field. For example, if you are using Splunk Cloud, the URL should be similar to the following: https://prd-p-tj2xx2f2xntv.cloud.splunk.com.

  5. Enter the integration name and select the event types you want to be notified of.

  6. Click Create.

Now notifications for events of the selected types will appear in Splunk.
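
If no events show up, you can check the HEC token and URL independently of Wallarm by sending one test event straight to the HTTP Event Collector. The script below is an added example, not part of the Wallarm or Splunk documentation. It assumes the URL you pass includes the port your HEC listens on; the environment variable names SPLUNK_API_URL and SPLUNK_HEC_TOKEN and the function names are hypothetical.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

HEC_EVENT_PATH = "/services/collector/event"  # Splunk HEC JSON event endpoint
# HEC tokens are GUIDs, as displayed in the Token Value field.
TOKEN_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def build_hec_request(api_url, hec_token, event):
    """Build (but do not send) a HEC test request; raise ValueError on bad input."""
    parts = urlsplit(api_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        # Over plain HTTP the token would cross the network in clear text.
        raise ValueError("API URL must be an https:// URL")
    token = hec_token.strip()  # copy/paste often adds whitespace or a newline
    if not TOKEN_RE.match(token):
        raise ValueError("HEC token does not look like a GUID")
    body = json.dumps({"event": event, "sourcetype": "_json"}).encode()
    return urllib.request.Request(
        f"https://{parts.netloc}{HEC_EVENT_PATH}",
        data=body,
        method="POST",
        headers={
            "Authorization": f"Splunk {token}",  # HEC token authentication scheme
            "Content-Type": "application/json",
        },
    )


def send_test_event(api_url, hec_token):
    """Send one test event; urllib verifies the TLS certificate by default."""
    req = build_hec_request(api_url, hec_token, {"message": "HEC pre-flight test"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())  # Splunk answers {"text": "Success", "code": 0}


if __name__ == "__main__":
    import os

    # Hypothetical variable names: read the secret from the environment
    # rather than from argv, so it stays out of shell history.
    print(send_test_event(os.environ["SPLUNK_API_URL"], os.environ["SPLUNK_HEC_TOKEN"]))
```

An HTTP 403 from Splunk points at the token (wrong value or disabled input), while a connection or certificate error points at the URL or port.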

Disabling Notifications

  1. Go to your Wallarm account → Settings → Integrations in the EU or US cloud.

  2. Select an integration and click Disable.

  3. Click Save.

Removing Integration

  1. Go to your Wallarm account → Settings → Integrations in the EU or US cloud.

  2. Select an integration and click Remove.

  3. Click Sure?.