Export Audit Logs to Splunk

Aisera's Gen AI platform can export audit logs to Splunk in real time. This feature integrates Aisera audit data with existing Security Information and Event Management (SIEM) systems, improving security monitoring and compliance.

Integration Setup

Create the Splunk Integration:

  1. Navigate to the Settings > Integrations page in the Aisera Admin UI

  2. Click the + New Integration button

  3. Search for and choose the Splunk icon

  4. Name the integration

  5. Provide the HTTP Event Collector (HEC) endpoint

  6. Click Next

  7. Set the authentication type and fill in the parameters

Data Source Setup

Add the Splunk Data Source:

  1. Navigate to Settings > Data Source in the Aisera Admin UI

  2. Choose + New Data Source

  3. Search for and select the Splunk icon

  4. Choose Event Trigger as the function

  5. Choose Audit History and Audit History Data Type as the Data Types

  6. Click Next

Event Triggers

Set the Event Triggers:

  1. Navigate to AI Automation > Event Studio in the Aisera Admin UI

  2. Click the + New Event Trigger button

  3. Add a Name for the Trigger

  4. Select the new Event Forwarder option for the Event Handler Type

  5. Choose Next

  6. Set the Event Forwarder options

  7. Select Splunk as the External System

  8. Select your Splunk Data Source as the Data Sources option

  9. Choose Audit History as the Data Type

  10. Select AuditEvent as the Event Type

  11. Click OK

Delivery Schedule

Set the Delivery Schedule:

  1. Navigate to the Audit Trail page in the Aisera Admin UI

  2. Select your Splunk integration, choose event types, and set delivery schedules (real-time or batch)

Validation and Monitoring

  1. Test the configuration to ensure connectivity

  2. Monitor export status and error alerts in the Admin UI

Activation

Enable the export configuration to start streaming logs
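Before enabling the export, it is worth confirming that the HEC endpoint actually accepts an event with the token entered in the integration, and that the endpoint is HTTPS so the token is not sent in the clear. The following Python script is an added example, not Aisera's or Splunk's own code. It assumes only the standard HEC contract (POST a JSON envelope to /services/collector/event with an "Authorization: Splunk <token>" header, and read a JSON reply whose "code" field is 0 on success). The host name, token and audit record are constructed placeholders, and the opener parameter is an assumption of this example so the same logic can be exercised offline against a fake HEC.

```python
"""Pre-flight check for a Splunk HEC endpoint before an audit-log export is enabled.

Added example, not Aisera's or Splunk's own code. It relies only on the
standard HEC contract: POST a JSON envelope to /services/collector/event with
an "Authorization: Splunk <token>" header and read the JSON reply, whose
"code" field is 0 on success. Host, token and audit event are constructed.
"""
from __future__ import annotations

import json
import os
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Constructed sample of an exported audit record (assumed shape, not Aisera's schema).
SAMPLE_AUDIT_EVENT = {
    "eventType": "AuditEvent",
    "action": "UPDATE_INTEGRATION",
    "actor": "admin@example.com",
    "target": "integration/splunk-hec",
    "timestamp": 1700000000,
}

# HEC reply codes that most often explain a failed connectivity test.
HEC_CODE_HINTS = {
    0: "success",
    1: "token is disabled in Splunk",
    2: "no token was sent",
    3: "Authorization header is malformed",
    4: "invalid token; re-check the value entered in the integration",
    6: "invalid data format; the JSON envelope was rejected",
    7: "token is not allowed to write to the requested index",
}


def validate_hec_url(url: str) -> str:
    """Return the full HEC event URL, insisting on HTTPS.

    The token is carried in a header on every request, so a plaintext HEC
    endpoint would expose it to anyone on the network path.
    """
    parsed = urlparse(url)
    if parsed.scheme != "https":
        raise ValueError(f"HEC endpoint must use https, got {parsed.scheme!r}")
    if not parsed.netloc:
        raise ValueError("HEC endpoint has no host")
    path = parsed.path.rstrip("/")
    if not path.endswith("/services/collector/event"):
        path += "/services/collector/event"
    return f"https://{parsed.netloc}{path}"


def build_hec_payload(event: dict, source: str = "aisera:audit",
                      sourcetype: str = "_json", index: str | None = None) -> bytes:
    """Wrap one audit record in the HEC envelope (time/source/sourcetype/event)."""
    envelope = {"source": source, "sourcetype": sourcetype, "event": event}
    if event.get("timestamp") is not None:
        envelope["time"] = event["timestamp"]  # epoch seconds; HEC uses receipt time otherwise
    if index:
        envelope["index"] = index
    return json.dumps(envelope).encode("utf-8")


def interpret_hec_response(status: int, body: bytes) -> tuple[bool, str]:
    """Turn an HTTP status plus HEC JSON reply into (ok, human-readable reason)."""
    try:
        reply = json.loads(body.decode("utf-8") or "{}")
    except (UnicodeDecodeError, json.JSONDecodeError):
        return False, f"HTTP {status}: non-JSON reply {body[:80]!r}"
    code, text = reply.get("code"), reply.get("text", "")
    if status == 200 and code == 0:
        return True, "HEC accepted the event"
    hint = HEC_CODE_HINTS.get(code, "unlisted HEC code; see the Splunk HEC documentation")
    return False, f"HTTP {status}, HEC code {code} ({hint}): {text}"


def _https_opener(req: urllib.request.Request, timeout: float) -> tuple[int, bytes]:
    """Default transport: urllib with certificate verification left on."""
    try:
        with urllib.request.urlopen(req, timeout=timeout,
                                    context=ssl.create_default_context()) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:  # HEC reports token errors as 4xx with a JSON body
        return err.code, err.read()


def send_test_event(url: str, token: str, event: dict, opener=_https_opener,
                    timeout: float = 10.0) -> tuple[bool, str]:
    """POST one event to HEC and say whether it was accepted.

    `opener` is injectable (an assumption of this example) so the check can
    run offline against a fake HEC.
    """
    req = urllib.request.Request(
        validate_hec_url(url),
        data=build_hec_payload(event),
        method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"},
    )
    return interpret_hec_response(*opener(req, timeout))


if __name__ == "__main__":
    # Usage: HEC_URL=https://splunk.example.com:8088 HEC_TOKEN=... python hec_check.py
    ok, reason = send_test_event(os.environ["HEC_URL"], os.environ["HEC_TOKEN"], SAMPLE_AUDIT_EVENT)
    print(("OK: " if ok else "FAIL: ") + reason)
    raise SystemExit(0 if ok else 1)
```

Run it with the HEC URL and token from the integration in the environment; a non-zero exit with "HEC code 4" means the token was copied incorrectly, while a refusal of an http:// URL is deliberate, since the token would otherwise travel unencrypted. Once the script reports success, enabling the export and checking the Admin UI export status covers the remaining path from Aisera to Splunk.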
