Egnyte offers a unified Splunk integration, combining the capabilities of Collaborate and Secure & Govern into a single, powerful app for a simpler and more seamless experience. The integration provides events from both products, along with improved security through token-based authentication. Some of these events include file access activity, permission changes, external sharing actions, and anomaly alerts.
Customers can enable the HTTP Event Collector (HEC) on their Splunk instance through a simple step-by-step UI process. In just a few clicks, they can generate the token and endpoint, then use these credentials to complete the setup directly within the Egnyte interface.
This feature is currently in limited availability. To request this feature, contact our Products team.
Key Benefits
- Centralized Visibility Across the Organization
- Faster Detection & Response to Risks - Security teams can create Splunk alerts based on Egnyte events.
- Compliance & Audit Readiness - Egnyte events help customers meet auditing needs.
- Operational Insights for IT & Governance - Beyond security, IT teams can use the data to monitor usage patterns and understand which folders or content types are most accessed.
Configuration Steps
- Navigate to Apps & Integrations.
- Search for Splunk HEC and click on Enable Integration.
- Click on Configure.
- Click on Allow Access to provide access.
- Enter the API details: the Splunk HEC Token and the API Endpoint. Click on Next.
  Users can expand and learn more about the steps to obtain the HEC token and to generate the API endpoint.
- Complete the integration setup by selecting the events: All Events (default) or Specific Events. Select the sync start date. For Collaborate, users can select the current date or a date from the last seven days. For Secure & Govern, the date can be selected from the last 3 months. The default selection is the current date in both cases. Click on Enable Integration.
- The configuration will then be complete.
Obtaining HEC Token
- Log in to the Splunk instance as an administrator and navigate to Settings → Data Inputs.
- Click on HTTP Event Collector.
- If the token has already been generated, click on Copy to copy the token. Alternatively, click on New Token to generate a new token.
- Configure the token settings and click on Next.
  - Provide a name for the token.
  - Select the appropriate source type.
  - Choose the destination index.
- Click Review and then Submit.
- The token will be successfully generated. Copy the generated token value.
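
Before entering the token and endpoint in Egnyte, it helps to confirm that Splunk accepts them. The following is an added example, not code from Egnyte or Splunk: a preflight check that posts one test event to HEC and interprets the reply. It assumes the API Endpoint is the Splunk HEC event URL (`/services/collector/event`); the function names are hypothetical, and the host and token are supplied on the command line.

```python
import json
import sys
import urllib.error
import urllib.request

# HEC reply codes as documented by Splunk (subset relevant to setup errors).
HEC_CODES = {
    0: "success: token and endpoint accepted the event",
    1: "token is disabled: enable it under Data Inputs > HTTP Event Collector",
    2: "token is required: Authorization header missing",
    3: "invalid authorization: header must be 'Splunk <token>'",
    4: "invalid token: value does not match any HEC token",
    7: "incorrect index: token is not allowed to write to that index",
    9: "server is busy: retry later",
}

def build_probe(endpoint, token, index=None):
    """Build a one-event POST for the HEC event endpoint (nothing is sent here)."""
    if not endpoint.lower().startswith("https://"):
        raise ValueError("use an https:// endpoint so the token is not sent in clear text")
    event = {"event": {"message": "egnyte-hec-preflight"}}
    if index:  # optional: check the destination index chosen for the token
        event["index"] = index
    return urllib.request.Request(
        endpoint,
        data=json.dumps(event).encode(),
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
        method="POST",
    )

def diagnose(http_status, body):
    """Turn an HEC HTTP status and JSON body into (ok, readable verdict)."""
    try:
        code = json.loads(body).get("code")
    except (ValueError, AttributeError):
        return False, f"HTTP {http_status}: non-JSON reply, endpoint is probably not HEC"
    return code == 0, f"HTTP {http_status}: " + HEC_CODES.get(code, f"HEC code {code}")

def send(req):
    """Send the probe with default TLS verification and return diagnose()'s verdict."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return diagnose(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # HEC reports token problems as 4xx with JSON
        return diagnose(err.code, err.read())

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python hec_preflight.py <endpoint> <token>
    print(send(build_probe(sys.argv[1], sys.argv[2])))
```

A successful run leaves one test event in the token's index, which also confirms where Egnyte events will land.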