Export Audit Logs to Splunk

Aisera's Gen AI platform can export audit logs to Splunk in real time. This lets you integrate Aisera audit data with existing Security Information and Event Management (SIEM) systems for security monitoring and compliance.

Integration Setup

Create the Splunk Integration:

  1. Navigate to the Settings > Integrations page in the Aisera Admin UI.

  2. Click the + New Integration button.

  3. Search for and choose the Splunk icon.

  4. Name the integration.

  5. Provide the Splunk HTTP Event Collector (HEC) endpoint.

  6. Click Next.

  7. Set the Auth Type and fill in the parameters. Currently, only the Basic authorization type is supported for Splunk.

  8. Choose OK.
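A pre-flight check for steps 5 and 7, added here as an example and not part of Aisera's documentation: it confirms that the HEC endpoint accepts a test event over Basic auth before you enter the values in the Admin UI. It assumes the Basic password is the Splunk HEC token (HEC's Basic scheme, where the username is arbitrary); the function names are hypothetical, and the hostname and token in the usage comment are placeholders.

```python
import base64
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlparse


def build_hec_request(endpoint, hec_token, username="x"):
    """Build a test POST for a Splunk HEC endpoint using Basic auth."""
    parsed = urlparse(endpoint)
    # Basic auth is only base64-encoded, so refuse anything but TLS.
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError("HEC endpoint must be an https:// URL")
    # Credentials belong in the Authorization header, not in the URL.
    if parsed.username or parsed.password:
        raise ValueError("do not embed credentials in the endpoint URL")
    creds = base64.b64encode(f"{username}:{hec_token}".encode()).decode()
    body = json.dumps({"event": {"message": "HEC pre-flight test"}}).encode()
    return urllib.request.Request(
        endpoint, data=body, method="POST",
        headers={"Authorization": f"Basic {creds}",
                 "Content-Type": "application/json"})


def hec_accepted(response_body):
    """HEC replies {"text": "Success", "code": 0} when it accepts an event."""
    try:
        return json.loads(response_body).get("code") == 0
    except (ValueError, AttributeError):
        return False


def preflight(endpoint, hec_token, timeout=10):
    """Send the test event; return (accepted, raw response body)."""
    req = build_hec_request(endpoint, hec_token)
    ctx = ssl.create_default_context()  # keeps certificate verification on
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            raw = resp.read()
    except urllib.error.HTTPError as err:
        raw = err.read()  # e.g. an invalid or disabled token
    return hec_accepted(raw), raw.decode(errors="replace")


# Usage (placeholders, requires network access to your Splunk instance):
# ok, detail = preflight(
#     "https://splunk.example.com:8088/services/collector/event",
#     "<hec-token>")
```

If the check fails with a certificate error, fix the certificate chain on the HEC listener instead of disabling verification, since the same endpoint will carry the credentials on every forwarded audit event.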

Data Source Setup

Add the Splunk Data Source:

  1. Navigate to Settings > Data Source in the Aisera Admin UI.

  2. Choose + New Data Source.

  3. Search for and select the Splunk icon.

  4. Click Next.

  5. Create and add a Name for your Splunk data source.

  6. Choose Forward Events as the function.

  7. Choose Audit History as the Data Type.

  8. After setting the Data Type, choose the name of the Integration that you created in the Integration Setup above.

  9. Enter an optional Description.

  10. Click Next.

  11. Ignore the options in the following windows and click Next.

  12. Click OK.

Event Triggers

Set the Event Triggers:

  1. Navigate to AI Automation > Event Studio in the Aisera Admin UI.

  2. Click the + New Event Trigger button.

  3. Add a Name for the Trigger.

  4. Select Event Forwarder for the Event Handler Type.

  5. Click Next.

  6. Set the Event Forwarder options.

  7. Select Splunk as the External System.

  8. Select your Splunk Data Source as the Data Sources option.

  9. Select AuditEvent as the Event Type.

  10. Click OK.
