Splunk
Splunk is widely used for monitoring, searching, analyzing, and visualizing machine-generated data in real time.
With the Borneo Splunk integration, data security incidents raised by Borneo are forwarded to the integrated HTTP Event Collector (HEC), enabling your security team to monitor for data privacy risks and prevent the exposure of sensitive data.

How to integrate

1. In Splunk, generate a new HEC token on the Settings > Data Input > HTTP Event Collector page. Do not check Enable indexer acknowledgement: it is not required, and the integration might fail.
2. Go to the Configure > Notifications section of the Borneo dashboard and enable Splunk notifications.
3. Enter the following information to complete the setup:
  • The URL of the Splunk HTTP Event Collector endpoint, i.e. https://<splunk-endpoint>:<port> (the default port is 8088). Ensure the Splunk HEC endpoint is accessible to Borneo.
  • The HEC token generated in step 1.
  • Whether you want to send all incidents to Splunk automatically or prefer to manually send events from the Incidents dashboard.
  • If you choose to automatically send events to Splunk, you can configure the severity level(s) of the incidents to forward.
  • If the HEC endpoint requires a strictly secure connection, select the Strict SSL option.
4. Save the configuration.
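
To confirm the endpoint URL, token and TLS setting before entering them in step 3, the following check sends one test event to HEC and interprets the reply. It is an added example, not part of the Borneo or Splunk documentation; the HEC_URL, HEC_TOKEN and STRICT_SSL variable names and both function names are assumptions, and the event body is constructed test data.

```shell
#!/bin/sh
# Pre-flight check for a Splunk HEC endpoint and token (added example).
# HEC_URL, HEC_TOKEN and STRICT_SSL are assumed variable names, not Borneo settings.

# Map the numeric "code" field of an HEC JSON reply to a diagnosis.
explain_hec_reply() {
    code=$(printf '%s' "$1" |
        sed -n 's/.*"code"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
    case "$code" in
        0)     echo "ok: event accepted" ;;
        1)     echo "fail: token is disabled" ;;
        2|3|4) echo "fail: token missing or invalid" ;;
        7)     echo "fail: incorrect index for this token" ;;
        10|11) echo "fail: indexer acknowledgement is enabled on this token (data channel required)" ;;
        "")    echo "fail: no HEC reply (check URL, port, firewall, TLS)" ;;
        *)     echo "fail: HEC code $code" ;;
    esac
}

# Send one constructed test event. STRICT_SSL=1 (the default) verifies the
# server certificate, matching the Strict SSL option; STRICT_SSL=0 skips it.
check_hec() {
    url=$1
    token=$2
    tls_opt=""
    if [ "${STRICT_SSL:-1}" = "0" ]; then tls_opt="--insecure"; fi
    reply=$(curl --silent --show-error --max-time 10 $tls_opt \
        -H "Authorization: Splunk $token" \
        -d '{"event": "HEC connectivity test (constructed)"}' \
        "$url/services/collector/event" 2>&1) || true
    explain_hec_reply "$reply"
}

# Usage: HEC_URL=https://<splunk-endpoint>:<port> HEC_TOKEN=<token> sh check_hec.sh
if [ -n "${HEC_URL:-}" ] && [ -n "${HEC_TOKEN:-}" ]; then
    check_hec "$HEC_URL" "$HEC_TOKEN"
fi
```

Run it from a host that shares Borneo's network path where possible, since reachability from a workstation does not prove reachability from Borneo. A certificate error with STRICT_SSL=1 that disappears with STRICT_SSL=0 means the endpoint's certificate would not pass the Strict SSL option.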
Use Notification Policies to configure the conditions under which a JIRA issue, Slack notification, or Splunk alert will be raised.
Last modified 10mo ago