Splunk Integration
Stream privileged access data to Splunk for comprehensive SIEM analysis, security monitoring, and compliance reporting.
Enterprise SIEM Integration
Integrate privileged access data into your Splunk security operations.
Real-Time Event Streaming
Stream all access events, session data, and audit logs to Splunk in real time via HTTP Event Collector.
Pre-Built Dashboards
Leverage pre-configured Splunk dashboards for privileged access monitoring and compliance reporting.
Security Analytics
Detect anomalous access patterns and potential security threats with advanced Splunk analytics.
Compliance Reporting
Generate SOC 2, PCI DSS, and HIPAA compliance reports using TigerAccess data in Splunk.
Complete Splunk Integration
Get Started in Minutes
Follow these simple steps to integrate TigerAccess with Splunk.
Create HEC Token
Configure HTTP Event Collector in Splunk and generate a token for TigerAccess.
# In Splunk:
1. Navigate to Settings > Data Inputs > HTTP Event Collector
2. Click "New Token"
3. Name: "TigerAccess"
4. Source type: "tigeraccess:audit"
5. Copy the token value
Configure Integration
Add the Splunk integration in TigerAccess with your HEC endpoint and token.
tacctl integrations add splunk \
--hec-url=https://splunk.example.com:8088 \
--hec-token=<your-hec-token> \
--index=tigeraccess \
--enable-session-logs \
--enable-audit-logs
Install TigerAccess App
Install the TigerAccess app for Splunk to get pre-built dashboards and searches.
# Download from Splunkbase or install manually:
cd $SPLUNK_HOME/etc/apps
tar -xzf tigeraccess-app-for-splunk.tar.gz
$SPLUNK_HOME/bin/splunk restart
Event Fields in Splunk
TigerAccess events include the following structured fields for easy searching and analysis.
| Field | Description |
|---|---|
| user | User who initiated the action |
| action | Action performed (ssh, db, kube, etc.) |
| resource | Target resource accessed |
| outcome | Success or failure of the action |
| session_id | Unique session identifier |
| source_ip | Source IP address |
| timestamp | Event timestamp |
| duration | Session or action duration |
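The fields above are enough to build a first detection. The following is an added example, not code from TigerAccess or its Splunk app: it flags a successful access that follows repeated failures for the same user and source_ip. The outcome values "success" and "failure", the ISO 8601 timestamp format, the threshold and the window are assumptions, and the events are constructed.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (one JSON object per line) using the documented
# field names. Outcome values and timestamp format are assumptions.
SAMPLE_EVENTS = """
{"user":"carol","action":"db","resource":"pg-prod","outcome":"failure","session_id":"s1","source_ip":"192.0.2.9","timestamp":"2024-05-01T09:00:00+00:00"}
{"user":"carol","action":"db","resource":"pg-prod","outcome":"failure","session_id":"s2","source_ip":"192.0.2.9","timestamp":"2024-05-01T09:01:00+00:00"}
{"user":"carol","action":"db","resource":"pg-prod","outcome":"failure","session_id":"s3","source_ip":"192.0.2.9","timestamp":"2024-05-01T09:02:00+00:00"}
{"user":"carol","action":"db","resource":"pg-prod","outcome":"success","session_id":"s4","source_ip":"192.0.2.9","timestamp":"2024-05-01T09:30:00+00:00"}
{"user":"alice","action":"ssh","resource":"bastion-1","outcome":"failure","session_id":"s5","source_ip":"203.0.113.7","timestamp":"2024-05-01T10:00:00+00:00"}
{"user":"bob","action":"kube","resource":"cluster-a","outcome":"failure","session_id":"s6","source_ip":"198.51.100.4","timestamp":"2024-05-01T10:00:30+00:00"}
{"user":"alice","action":"ssh","resource":"bastion-1","outcome":"failure","session_id":"s7","source_ip":"203.0.113.7","timestamp":"2024-05-01T10:01:00+00:00"}
{"user":"bob","action":"kube","resource":"cluster-a","outcome":"success","session_id":"s8","source_ip":"198.51.100.4","timestamp":"2024-05-01T10:01:30+00:00"}
{"user":"alice","action":"ssh","resource":"bastion-1","outcome":"failure","session_id":"s9","source_ip":"203.0.113.7","timestamp":"2024-05-01T10:02:00+00:00"}
{"user":"alice","action":"ssh","resource":"bastion-1","outcome":"success","session_id":"s10","source_ip":"203.0.113.7","timestamp":"2024-05-01T10:03:00+00:00"}
this line is not JSON and must be skipped
"""

def failures_then_success(lines, threshold=3, window=timedelta(minutes=10)):
    """Alert on a success preceded by >= threshold failures inside the window."""
    events = []
    for line in lines:
        try:
            ev = json.loads(line)
            events.append((datetime.fromisoformat(ev["timestamp"]), ev["user"],
                           ev["source_ip"], ev["outcome"], ev))
        except (ValueError, KeyError, TypeError):
            continue  # blank, malformed or incomplete event: skip it
    events.sort(key=lambda e: e[0])  # process in event-time order
    recent = defaultdict(deque)  # (user, source_ip) -> recent failure times
    alerts = []
    for ts, user, ip, outcome, ev in events:
        fails = recent[(user, ip)]
        while fails and ts - fails[0] > window:
            fails.popleft()  # drop failures older than the window
        if outcome == "failure":
            fails.append(ts)
        elif outcome == "success":
            if len(fails) >= threshold:
                alerts.append({"user": user, "source_ip": ip, "failures": len(fails),
                               "resource": ev.get("resource"), "session_id": ev.get("session_id")})
            fails.clear()  # a success resets the failure streak
    return alerts

if __name__ == "__main__":
    print(failures_then_success(SAMPLE_EVENTS.splitlines()))
```

On the sample data only alice's session is flagged: carol's failures fall outside the window and bob has a single failure.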
Real-World Scenarios
Security Operations
Integrate privileged access data into your SOC workflows with real-time alerts for suspicious activities, failed access attempts, and policy violations.
Compliance Auditing
Centralize all access logs in Splunk for comprehensive audit trails, automated compliance reporting, and evidence collection for auditors.
Threat Hunting
Correlate privileged access events with other security data in Splunk to identify advanced threats and lateral movement attempts.
Incident Investigation
Quickly investigate security incidents by searching and analyzing session recordings, command histories, and access patterns in Splunk.
Frequently Asked Questions
What data does TigerAccess send to Splunk?
TigerAccess sends comprehensive audit logs including authentication events, access requests, session activities, command executions, policy evaluations, and security events. All data is structured in JSON format following the Common Information Model (CIM).
Can I create custom alerts in Splunk for TigerAccess events?
Yes. All TigerAccess events are indexed in Splunk and can be used to create custom alerts, correlation searches, and dashboards. The TigerAccess app includes example searches you can customize.
Does TigerAccess support Splunk Cloud?
Absolutely. TigerAccess works with both Splunk Enterprise and Splunk Cloud. Simply configure the appropriate HEC endpoint for your Splunk Cloud instance.
How is sensitive data handled in logs?
TigerAccess automatically redacts sensitive data like passwords and secrets before sending logs to Splunk. You can configure additional field masking based on your security requirements.