Splunk Integration Guide

Step-by-Step Guide

  1. Enable Splunk HTTP Event Collector (HEC)
    • Navigate to: Settings → Data Inputs → HTTP Event Collector
    • Click on “New Token” and configure the following:

      • Name: CertSecure Logs
      • Source Type: _json
      • Index: certsecure_logs (create the index first, see Step 2, so it can be selected here)
    • After creation, share the following details with the CertSecure team over a secure channel (the HEC token is a bearer credential: anyone holding it can write events into the index):

      • HEC Token: Token string used for authentication
      • HEC Endpoint URL: e.g., https://splunk.example.com:8088
      • Protocol: Confirm whether HTTP or HTTPS is used. HTTPS is strongly recommended; over plain HTTP the token and the log contents cross the network in clear text.

      Note: If HTTPS is used, ensure that the TLS certificate presented by Splunk is trusted by CertSecure’s backend. For a private CA, import the issuing CA into the backend’s trust store rather than disabling certificate verification.

  2. Create a Dedicated Index
    • Navigate to: Settings → Indexes → New Index
    • Enter:
      • Index Name: certsecure_logs
    • Click Save.
    • Share this index name with the CertSecure Manager admin.
  3. Ensure Network Connectivity
    • From the CertSecure backend server, ensure outbound (egress) access to the Splunk host on TCP port 8088. Outbound connections are normally permitted by default; check any egress filtering or proxy between the backend and Splunk.
    • On the Splunk host, port 8088 must accept inbound connections. If the Splunk host uses firewalld, run:

      sudo firewall-cmd --permanent --add-port=8088/tcp
      sudo firewall-cmd --reload

      Note: these commands open the port for inbound connections on the host they are run on; running them on the CertSecure backend does nothing for its outbound access.
    • If IP allow-listing is enabled in Splunk:

      • Add the CertSecure backend’s IP to the allowed list.
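
    Before handing the token to the CertSecure team, prove the token, index and TLS trust from the backend host yourself: this catches a disabled token, a missing index or an untrusted certificate before Step 5 reports a failure. The script below is an added example written for this guide, not code from CertSecure or Splunk. It assumes Splunk’s standard HEC event endpoint path (/services/collector/event) and the “Authorization: Splunk <token>” header; the CA_BUNDLE path and the host name certsecure-backend are placeholders, and the HEC_CODES table lists the response codes as Splunk documents them (verify against your version).

```python
"""Pre-flight check for the Splunk HEC details from Steps 1 to 3, run on the
CertSecure backend host. Added example for this guide, not CertSecure's or
Splunk's own code. Assumes the standard HEC event endpoint and header;
CA_BUNDLE and the host name are placeholders."""
import json
import os
import ssl
import sys
import urllib.error
import urllib.request

# HEC response codes as documented by Splunk (0-9 shown; check your version's docs).
HEC_CODES = {
    0: "Success", 1: "Token disabled", 2: "Token is required",
    3: "Invalid authorization", 4: "Invalid token", 5: "No data",
    6: "Invalid data format", 7: "Incorrect index", 8: "Internal server error",
    9: "Server is busy",
}

# Hypothetical path to the issuing CA of the Splunk certificate (private CA case).
CA_BUNDLE = "/etc/pki/tls/certs/splunk-ca.pem"


def build_event(index, sourcetype, event, host="certsecure-backend"):
    """Build the JSON body HEC expects: routing metadata plus the event payload."""
    return json.dumps({"index": index, "sourcetype": sourcetype,
                       "host": host, "event": event})


def classify_response(status, body):
    """Turn the HTTP status and HEC JSON reply into (ok, human-readable reason)."""
    try:
        data = json.loads(body)
    except ValueError:
        return False, f"HTTP {status}: non-JSON reply {body[:120]!r} (is this really HEC?)"
    code = data.get("code")
    meaning = HEC_CODES.get(code, "unknown HEC code")
    ok = status == 200 and code == 0
    return ok, f"HTTP {status}, HEC code {code} ({meaning}): {data.get('text', '')}"


def send_test_event(endpoint, token, index, cafile=None, sourcetype="_json"):
    """POST one test event. TLS verification stays on; pass cafile for a private CA."""
    url = endpoint.rstrip("/") + "/services/collector/event"
    body = build_event(index, sourcetype,
                       {"message": "CertSecure HEC pre-flight", "test": True})
    req = urllib.request.Request(
        url, data=body.encode(), method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"})
    # Default context verifies the chain and host name; cafile=None uses the system store.
    ctx = ssl.create_default_context(cafile=cafile) if url.startswith("https://") else None
    try:
        with urllib.request.urlopen(req, timeout=10, context=ctx) as resp:
            return classify_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as e:
        # HEC answers 400/401/403 with a JSON body naming the problem (bad token, wrong index).
        return classify_response(e.code, e.read().decode())
    except urllib.error.URLError as e:
        # urllib wraps socket and TLS errors in URLError; inspect the reason.
        if isinstance(e.reason, ssl.SSLCertVerificationError):
            return False, (f"TLS trust failure: {e.reason}. Install the Splunk CA in the "
                           "backend trust store; do not disable verification.")
        return False, (f"Network failure: {e.reason}. Check egress to port 8088 "
                       "and Splunk's IP allow list.")


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: hec_preflight.py https://splunk.example.com:8088 <HEC token>")
    ca = CA_BUNDLE if os.path.exists(CA_BUNDLE) else None
    ok, reason = send_test_event(sys.argv[1], sys.argv[2], "certsecure_logs", cafile=ca)
    print(("OK" if ok else "FAIL") + ": " + reason)
    sys.exit(0 if ok else 1)
```

    Run it on the backend as “python3 hec_preflight.py https://splunk.example.com:8088 <token>”. A reply of HEC code 4 points at the token, code 7 at the index name, a TLS trust failure at the certificate chain, and a network failure at port 8088 egress or the Splunk allow list, so each of the three prerequisites above can be confirmed or ruled out before the CertSecure side is touched. Certificate verification is never switched off here, which matches the posture the backend itself should keep.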

    Once the above prerequisites are met, complete the following steps on the CertSecure Manager platform:

  4. Configure Splunk Integration in CertSecure Manager
    1. Log in to CertSecure Manager (Admin portal).
    2. Go to: Utilities → SIEM Integration → Splunk.
    3. Click “Add Configuration”.
    4. Fill in:

      • HEC Endpoint URL: https://splunk.example.com:8088
      • HEC Token: Paste the token from Step 1
      • Protocol: HTTPS or HTTP (must match the Splunk HEC setting; HTTPS is recommended)
    5. Click “Save”.
  5. Validate Connection
    1. CertSecure Manager will automatically attempt to connect:

      • Checks token validity
      • Confirms network access
      • Verifies SSL certificate trust (if HTTPS)
    2. A message such as “Connection Successful” is shown on success. On failure, recheck the token, the reachability of port 8088 from the backend, and the certificate trust, in that order.
  6. Log Ingestion Begins

    Once validated, CertSecure Manager will begin periodic log ingestion into Splunk.

  7. All logs will be:

    • Sent in JSON format
    • Tagged with the appropriate source type for parsing
    • Indexed under certsecure_logs

    To confirm ingestion, search the certsecure_logs index in Splunk after the first ingestion interval and check that events arrive with their JSON fields extracted.