
How to Stream FundApps’ Audit Logs to Your SIEM

Updated today

Overview

FundApps’ platform allows you to stream audit logs to your Security Information and Event Management (SIEM) tool.

⚠️ By proceeding, you acknowledge that you are aware that audit logs contain personal data. You are the controller of such personal data, and FundApps is no longer the processor of this personal data once it leaves the FundApps platform and your FundApps client environment. Please refer to the agreement with your SIEM provider in relation to the processing of this personal data within the SIEM provider’s system.

Supported SIEM Tools

Currently, the Audit Log streaming feature only supports Splunk. We plan to support Microsoft Sentinel soon.

Steps to Stream FundApps Audit Logs to Splunk

  1. If you need to whitelist the FundApps platform’s IP address, please contact our support team.

  2. Generate a Splunk HEC token in your Splunk Instance.

    1. If you use Splunk Cloud Platform or Splunk Enterprise, follow these instructions to generate the token you will enter into FundApps’ platform in step 7.

  3. Make a note of your Splunk HEC URI.

    1. If you use Splunk Cloud Platform or Splunk Enterprise, please follow these instructions to find your HEC URI. Logs will be sent as JSON-formatted events.

  4. Log in to your FundApps instance with an Administrator or Tech user role.

  5. Click the Admin and Settings button (⚙️ icon) in the top-right menu of your FundApps environment.

  6. Paste the URI from step 3 (e.g. https://hec.splunk.com:8088/collector) into the Webhook URL field.

  7. Paste the token from step 2 into the field called Auth token.

  8. Click the Save button.

🎉 All new Authentication logs will now be streamed to your SIEM tool in real time.
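
Before pasting the URI and token into FundApps (steps 6 and 7), you can confirm on your own side that the pair works. The script below is an added example, not FundApps' or Splunk's code: it assumes the standard Splunk HEC `Authorization: Splunk <token>` header and JSON event envelope, sends one constructed test event, and uses hypothetical function names and a hypothetical `HEC_TOKEN` environment variable.

```python
import json, os, sys
import urllib.error, urllib.request
from urllib.parse import urlsplit

# Splunk HEC reply codes mapped to the likely fix on the Splunk side.
HEC_HINTS = {
    0: "OK: token and URI accept JSON events",
    1: "token is disabled: enable it in Splunk",
    2: "no token received: check the Authorization header",
    3: "malformed Authorization header",
    4: "invalid token: re-copy the token value",
    6: "endpoint rejected the JSON event format",
    7: "token is not allowed to write to the requested index",
}

def check_uri(uri):
    """Return problems with the URI before any token is sent to it."""
    parts = urlsplit(uri)
    problems = []
    if parts.scheme != "https":
        problems.append("use https so the token and logs are encrypted in transit")
    if not parts.hostname:
        problems.append("no hostname in URI")
    if parts.username or parts.password or parts.query:
        problems.append("do not embed credentials or query strings in the URI")
    return problems

def interpret(body):
    """Turn a HEC JSON reply body into (ok, message)."""
    try:
        code = json.loads(body).get("code")
    except (ValueError, AttributeError):
        return False, "reply is not HEC JSON: is this really the HEC URI?"
    return code == 0, HEC_HINTS.get(code, f"unexpected HEC code {code}")

def send_test_event(uri, token, timeout=10):
    """POST one constructed event and return interpret()'s verdict."""
    event = {"event": {"message": "HEC pre-flight test (constructed)"}}
    req = urllib.request.Request(uri, data=json.dumps(event).encode(),
                                 headers={"Authorization": f"Splunk {token}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return interpret(resp.read())
    except urllib.error.HTTPError as err:  # HEC reports token errors as 4xx + JSON
        return interpret(err.read())

if __name__ == "__main__":
    uri = sys.argv[1]
    # Token comes from the environment so it stays out of shell history.
    print(check_uri(uri) or send_test_event(uri, os.environ["HEC_TOKEN"]))
```

Run it with the HEC URI as the only argument; an empty problem list followed by an OK verdict means the values are ready to paste.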
