Integrate with Splunk

You can configure Sqreen to send information about security events and incidents to Splunk Enterprise or Splunk Cloud.

  1. Use the Splunk Enterprise or Splunk Cloud documentation to enable the HTTP Event Collector and create an Event Collector token.
  2. In the Sqreen Dashboard, navigate to Settings > Integrations.
  3. In the Webhook pane, enter the following values in the fields:
    • URL: the destination in Splunk to which you want to send Sqreen security events (see Splunk Enterprise and Splunk Cloud documentation for details)
    • Secret: the Event Collector token you created in your Splunk Enterprise or Splunk Cloud instance
  4. Test, then Save the configuration.

The body of each request Sqreen sends to Splunk is JSON, sent with the content-type application/json and UTF-8 encoding (as per RFC 4627).

Sqreen sends an array of payloads to the URL you specified. Review the payload contents and structure in the Sqreen Webhooks documentation.
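
The body format described above (application/json, UTF-8, top-level array of payloads) can be checked on the receiving side, for example in a test endpoint or relay placed in front of the collector. This is an added example, not code from Sqreen or Splunk. The names `parse_webhook_body`, `RejectedBody` and `MAX_BODY_BYTES`, the size cap, and the rule that each payload is a JSON object are assumptions. Payload fields are not inspected because they are defined in the Sqreen Webhooks documentation, not on this page.

```python
import json
from email.message import Message

MAX_BODY_BYTES = 1_000_000  # assumed cap, not a Sqreen or Splunk limit

# Constructed sample body; the real payload keys are in the Sqreen Webhooks docs.
SAMPLE_BODY = b'[{"example_key": "constructed value"}]'


class RejectedBody(ValueError):
    """Raised when a request body does not match the documented shape."""


def parse_webhook_body(content_type: str, body: bytes) -> list:
    """Return the list of payloads carried by one webhook request body."""
    if len(body) > MAX_BODY_BYTES:
        raise RejectedBody("body too large")

    # Parse the header properly instead of substring-matching it.
    msg = Message()
    msg["Content-Type"] = content_type
    if msg.get_content_type() != "application/json":
        raise RejectedBody("content-type is not application/json")
    charset = msg.get_param("charset", "utf-8")
    if not isinstance(charset, str) or charset.lower() not in ("utf-8", "utf8"):
        raise RejectedBody("charset is not UTF-8")

    try:
        # Strict decoding: invalid byte sequences are rejected, not replaced.
        data = json.loads(body.decode("utf-8", errors="strict"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise RejectedBody(f"not valid UTF-8 JSON: {exc}") from exc

    if not isinstance(data, list):
        raise RejectedBody("top-level JSON value is not an array")
    # Assumption: every payload in the array is a JSON object.
    if not all(isinstance(item, dict) for item in data):
        raise RejectedBody("array contains a non-object payload")
    return data


if __name__ == "__main__":
    payloads = parse_webhook_body("application/json; charset=UTF-8", SAMPLE_BODY)
    print(f"accepted {len(payloads)} payload(s)")
```

Rejecting malformed bodies before they are indexed keeps non-conforming requests out of the searches and alerts built on this data.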