Ready to get started? Download the step-by-step guide below.
A key selling point to Admin By Request is the valuable Auditlog data we collect. All significant security events, such as Requests for elevated privileges, software installs and uninstalls, and programs run as administrator, are logged in the Admin By Request User Portal further use if necessary.
However, with large enterprises today generating gigabytes of data on a daily basis, it makes sense to provide the ability for our customers to manage this data in a tool of their choice – specifically, one designed for handling copious amounts of data from various different sources.
Our latest integration for Splunk does just that.
What the Integration Offers
This integration is simple: get Auditlog data sent in real-time from your User Portal to your Splunk environment to be indexed, structured, analyzed, and searched for your way.
Never miss a beat with what’s happening in terms of elevated privileges and access in your organization.
Extra visibility, security, and insight without having to find your way around new software? Check ✔
How It Works
This integration uses Splunk’s HTTP Event Collection (HEC) functionality combined with Admin By Request webhooks. Get it going in three simple steps:
- Set Up a Splunk HEC Channel – HEC is essentially an HTTP endpoint for your Splunk instance with an authorization token, which allows you to send data into Splunk.
- Define Webhook in Admin By Request – With Admin By Request webhooks (also referred to as a web callback or HTTP push API) you can subscribe to events in real-time instead of pulling data out in intervals.
- Receive Events – Auditlog events, such as Requests for elevated access, are now sent to the HEC endpoint.
Get started below with the self-service integration manual.
If you've identified a bug or have a suggestion for this integration, head to the Contact page and let us know.