Splunk HEC

The Splunk integration pushes Findings data in JSON format to Splunk via the HTTP Event Collector (HEC).

  1. In your Splunk instance, go to Settings > Data inputs.

  2. From the input options, find HTTP Event Collector and click "Add New".

  3. Configure your HEC by giving it a name and a description, and then click "Next".

  4. On the "Input Settings" page, select the index where you want to send the JSON-formatted Nebulock Findings. Then click "Next".

  5. On the final page, review your settings and, if everything is correct, click "Submit". Then copy the generated token, as you will need it in the next step.

  6. In the Nebulock platform, go to Integrations and click "+ Add Integration" in the top right, then select "Splunk" from the Provider dropdown. Provide a name for your integration, and then paste the HEC URL and the Token from your Splunk instance. NOTE: Your Splunk HEC URL has the following format. Be sure to verify whether you are using SSL (https) or not:

    http(s)://<your_splunk_hostname>:<port>/services/collector/event
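
Before pasting the URL and token into Nebulock, you can check them from a shell. The script below is an added example, not part of the Nebulock or Splunk documentation: `hec_check_url` validates the URL format given in the note above, and `hec_send_test` posts one test event with curl. The function names, the hostname and the port 8088 in the usage comment are assumptions chosen for illustration.

```shell
# Added example: preflight check for a Splunk HEC URL (constructed placeholders).
# Expected shape: http(s)://<host>:<port>/services/collector/event

# Prints the scheme ("https" or "http") for a well-formed URL; returns 1 otherwise.
hec_check_url() {
  hec_url=$1
  case $hec_url in
    https://*) hec_scheme=https ;;
    http://*)  hec_scheme=http ;;
    *) echo "scheme must be http or https" >&2; return 1 ;;
  esac
  hec_rest=${hec_url#*://}          # <host>:<port>/<path>
  hec_hostport=${hec_rest%%/*}
  hec_path=/${hec_rest#*/}
  case $hec_hostport in
    *:*) ;;
    *) echo "missing :<port>" >&2; return 1 ;;
  esac
  hec_host=${hec_hostport%:*}
  hec_port=${hec_hostport##*:}
  if [ -z "$hec_host" ]; then echo "missing hostname" >&2; return 1; fi
  case $hec_port in
    ''|*[!0-9]*|??????*) echo "port must be numeric" >&2; return 1 ;;
  esac
  if [ "$hec_port" -lt 1 ] || [ "$hec_port" -gt 65535 ]; then
    echo "port out of range" >&2; return 1
  fi
  if [ "$hec_path" != "/services/collector/event" ]; then
    echo "path must be /services/collector/event" >&2; return 1
  fi
  if [ "$hec_scheme" = http ]; then
    echo "warning: plain HTTP sends the HEC token unencrypted" >&2
  fi
  echo "$hec_scheme"
}

# Sends one test event and prints the HTTP status code (200 = accepted).
# HEC authenticates with the header "Authorization: Splunk <token>".
# curl verifies the TLS certificate by default; no -k is used here.
hec_send_test() {
  hec_check_url "$1" >/dev/null || return 1
  curl --silent --show-error --max-time 10 --output /dev/null \
       --write-out '%{http_code}\n' \
       -H "Authorization: Splunk $2" \
       -d '{"event": {"message": "HEC connectivity test"}}' \
       "$1"
}
# Usage: hec_send_test "https://splunk.example.com:8088/services/collector/event" "$HEC_TOKEN"
```

Keep the token in an environment variable rather than typing it on the command line, so it does not end up in shell history.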