Update Splunk docs with new setup · SaFiSec/docs.hackerone.com@81be964 · GitHub

Commit 81be964

Update Splunk docs with new setup
1 parent 9f16be4 commit 81be964

7 files changed

+56
-15
lines changed

docs/programs/images/splunk-menu.png

80.9 KB

docs/programs/images/splunk-setup.png

108 KB

docs/programs/splunk-integration.md

Lines changed: 56 additions & 15 deletions
@@ -4,25 +4,66 @@ path: "/programs/splunk-integration.html"
44
id: "programs/splunk-integration"
55
---
66

7-
You can configure a Splunk integration using webhooks to log events from HackerOne in Splunk. The Splunk integration enables data to be logged based on the configured event trigger. This integration is flexible and can be used to log data for any of the events listed.
7+
You can configure a Splunk integration to log events from HackerOne in Splunk. The Splunk integration enables data to be logged based on the configured event trigger. This integration is flexible and can be used to log data for any of the events listed.
88

99
> This integration is only available to Enterprise programs.
1010
11-
### Setup
1211

13-
To configure the Splunk integration:
14-
1. Get the HTTP Event collector endpoint by referencing the *Send data to HTTP Event Collector* section in the [Splunk documentation](https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/UsetheHTTPEventCollector).
15-
2. Go to **Program Settings > Program > Webhooks**.
16-
3. Click **New webhook**.
17-
4. Enter the full HTTP event collector endpoint in Payload URL.
18-
5. Enter your webhook secret in the **Secret** field. The secret is used to validate that the request came from HackerOne. Learn how to [validate the payload using a secret](https://api.hackerone.com/webhooks/#payloads-validating-payloads-from-hackerone).
19-
6. Select which events you’d like to trigger the webhook. You can choose between:
12+
### Creating the HTTP Event collector
13+
1. In the top menu of Splunk, go to **Settings > Data Inputs**
2014

21-
Option | Details
22-
------ | -------
23-
Send me everything | All events will trigger the webhook.
24-
Let me specify individual events | You can choose which events you'd like to trigger the webhook.
15+
![splunk-menu](./images/splunk-menu.png)
2516

26-
Once you've successfully added the webhook, you'll be able to retrieve data from HackerOne in your Splunk instance.
17+
2. Click on **HTTP Event Collector**
2718

28-
Learn more about [managing webhooks](webhooks.html#managing-webhooks) and [viewing recent deliveries](webhooks.html#view-recent-deliveries).
19+
![splunk-add-input](./images/splunk-add-input.png)
20+
21+
3. Click on **New Token**
22+
4. Enter a name and click **Next** until you completed the setup of the connector
23+
24+
![splunk-http-collector](./images/splunk-http-collector.png)
25+
26+
5. Copy the token from the overview of data inputs and save it for the next step of the setup
27+
28+
![splunk-data-inputs](./images/splunk-data-inputs.png)
29+
30+
### Setup on HackerOne
31+
32+
1. Go to **Program Settings > Program > Integrations**.
33+
2. Click **Connect to Splunk**.
34+
3. Click on **Set up new integration**
35+
4. Click on **New authentication**
36+
37+
![splunk-setup](./images/splunk-setup.png)
38+
39+
5. In the popup enter the **Event Collector URL** and the **HEC token** (This is the same token you created ealier in the setup). See [the information below](#constructing-the-even-collector-url) for details on how to construct the URL.
40+
41+
![splunk-authentication](./images/splunk-authentication.png)
42+
43+
6. Click **Create** to save the authentication
44+
7. Enter a name for the Integration
45+
8. Click **Finish** to complete the integration
46+
9. Now click **Enable** to start using the integration
47+
48+
Once you've successfully added the intergration, you'll be able to retrieve data from HackerOne in your Splunk instance.
49+
50+
### Constructing the Even Collector URL
51+
52+
- The standard form for the HEC URI in Splunk Cloud free trials is as follows:
53+
`<protocol>://inputs.<host>:<port>/<endpoint>`
54+
55+
- The standard form for the HEC URI in Splunk Cloud is as follows:
56+
`<protocol>://http-inputs-<host>:<port>/<endpoint>`
57+
58+
- The standard form for the HEC URI in Splunk Cloud on Google Cloud is as follows:
59+
`<protocol>://http-inputs.<host>:<port>/<endpoint>`
60+
61+
----
62+
63+
- `<protocol>` is either http or https
64+
- You must add `http-inputs-` before the `<host>`
65+
- `<host>` is the Splunk Cloud instance that runs HEC
66+
- `<port>` is the HEC port number
67+
- `8088` on Splunk Cloud free trials
68+
- `443` by default on Splunk Cloud instances
69+
- `<endpoint>` is the HEC endpoint you want to use. In many cases, you use the `/services/collector` endpoint for JavaScript Object Notation (JSON)-formatted events or the `services/collector/raw` endpoint for raw events
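
Review bot: In the bullet list under "Constructing the Even Collector URL", `<protocol>` is documented as "either http or https" with no recommendation, yet step 5 of "Setup on HackerOne" has the user enter the HEC token together with this URL, so the page should tell readers to use https to keep that token from travelling in cleartext. The next bullet, "You must add `http-inputs-` before the `<host>`", contradicts two of the three URI forms listed just above it (`inputs.<host>` for free trials and `http-inputs.<host>` on Google Cloud); scope it to the standard Splunk Cloud form or drop it. The endpoint examples disagree about the leading slash (`/services/collector` versus `services/collector/raw`), and with the `<port>/<endpoint>` template the first form would produce a double slash. Typos to fix before merge: "ealier" in step 5, "intergration" in the closing sentence, and "Even" for "Event" in the heading, which has to change together with the `#constructing-the-even-collector-url` anchor in step 5 so the link keeps resolving. Step 5 of "Creating the HTTP Event collector" could also say that the copied token is a credential and should be stored as one.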
