Splunk Integration Guide
Step-by-Step Guide
1. Enable Splunk HTTP Event Collector (HEC)
   - Navigate to: Settings → Data Inputs → HTTP Event Collector
   - Click on “New Token” and configure the following:
     - Name: CertSecure Logs
     - Source Type: _json
     - Index: (create one, see below)
   - After creation, share the following details with the CertSecure team:
     - HEC Token: Token string used for authentication
     - HEC Endpoint URL: e.g., https://splunk.example.com:8088
     - Protocol: Confirm whether HTTP or HTTPS is used
   Note: If HTTPS is used, ensure that the SSL certificate used by Splunk is trusted by CertSecure’s backend.
 
2. Create a Dedicated Index
   - Navigate to: Settings → Indexes → New Index
   - Enter:
     - Index Name: certsecure_logs
   - Click Save.
   - Share this index name with the CertSecure Manager admin.
 
3. Ensure Network Connectivity
   - On the CertSecure backend server, ensure outbound access to port 8088.
   - If using firewalld, run:
       sudo firewall-cmd --permanent --add-port=8088/tcp
       sudo firewall-cmd --reload
   - If IP whitelisting is enabled in Splunk:
     - Add the CertSecure backend’s IP to the allowed list.
 
Once the above prerequisites are met, follow the steps below on the CertSecure Manager platform:
4. Configure Splunk Integration in CertSecure Manager
   - Login to CertSecure Manager (Admin portal).
   - Go to: Utilities → SIEM Integration → Splunk.
   - Click “Add Configuration”.
   - Fill in:
     - HEC Endpoint URL: https://splunk.example.com:8088
     - HEC Token: Paste the token from Step 1
     - Protocol: HTTPS or HTTP (as used in Splunk)
   - Click “Save”.
 
5. Validate Connection
   - CertSecure Manager will automatically attempt to connect:
     - Checks token validity
     - Confirms network access
     - Verifies SSL certificate trust (if HTTPS)
   - A message like “Connection Successful” will be shown on success.
                    
6. Log Ingestion Begins
   Once validated, CertSecure Manager will begin periodic log ingestion into Splunk. All logs will be:
   - Sent in JSON format
   - Tagged with appropriate source type for parsing
   - Indexed under certsecure_logs
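
The checks listed under Validate Connection (token validity, network access, SSL certificate trust) can be reproduced by hand from the CertSecure backend server. The script below is an added example, not CertSecure or Splunk code: it posts one test event to Splunk's `/services/collector/event` HEC endpoint and names the prerequisite that failed. The function names and the `HEC_URL`, `HEC_TOKEN` and `HEC_INDEX` variables are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of a Splunk HEC endpoint, run on the CertSecure backend server.
# Function names and the HEC_URL / HEC_TOKEN / HEC_INDEX variables are assumptions of this sketch.

# Test event using the source type and index configured in the steps above.
hec_payload() {
  printf '{"event":{"message":"HEC pre-flight test"},"sourcetype":"_json","index":"%s"}' "$1"
}

# Map curl's exit code and the HTTP status to the prerequisite that failed.
hec_diagnose() {
  case "$1" in
    0)  ;;
    6)  echo "dns: endpoint host name does not resolve"; return ;;
    7)  echo "network: connection refused or port blocked"; return ;;
    28) echo "network: timed out, check firewall and Splunk allow list"; return ;;
    35) echo "tls: handshake failed, confirm the listener really uses HTTPS"; return ;;
    60) echo "tls: Splunk certificate not trusted by this host"; return ;;
    *)  echo "curl: unexpected exit code $1"; return ;;
  esac
  case "$2" in
    200) echo "ok: token accepted and event received" ;;
    400) echo "request: incorrect index or invalid event data" ;;
    401) echo "token: missing or malformed Authorization header" ;;
    403) echo "token: invalid or disabled HEC token" ;;
    *)   echo "splunk: unexpected HTTP status $2" ;;
  esac
}

# Post one event. No -k/--insecure: certificate validation is part of the check.
# The token is passed as a header on stdin (-H @-, curl 7.55+) so it stays out of `ps` output.
hec_send_test_event() {
  url="$1"; token="$2"; index="$3"; rc=0
  status=$(printf 'Authorization: Splunk %s\n' "$token" |
    curl --silent --output /dev/null --max-time 10 --write-out '%{http_code}' \
      -H @- -d "$(hec_payload "$index")" "${url%/}/services/collector/event") || rc=$?
  hec_diagnose "$rc" "$status"
}

# Runs only when the operator exports the endpoint and token.
if [ -n "${HEC_URL:-}" ] && [ -n "${HEC_TOKEN:-}" ]; then
  hec_send_test_event "$HEC_URL" "$HEC_TOKEN" "${HEC_INDEX:-certsecure_logs}"
fi
```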
