Share XDR data with Splunk Cloud by configuring the Splunk HEC connector.
The Splunk HEC connector utilizes the HTTP Event Collector to send XDR data to Splunk
Cloud. The connector supports connections to multiple Splunk Cloud instances.
Procedure
- Go to .
- Click Splunk HEC Connector (SaaS/Cloud).
- Click the toggle to enable or disable the integration.
- Configure the scope of data you want to send to Splunk Cloud.
Note
Sending activity data requires Trend Vision One credits. Configure the data allowance for transferring activity data and manage credit allocation in the Credit Usage app.
- Configure the connection between Trend Vision One and your Splunk HEC server.
- Click Connect Splunk HEC Server.
- Configure the connection settings in the Splunk HEC Server Connection panel.

| Setting | Description |
|---|---|
| Firewall exceptions | To ensure that Trend Vision One can properly communicate with your Splunk HEC server, configure the appropriate "Allow" rules in your firewall. |
| Server address | IP address or FQDN for your Splunk HEC server |
| Format | Data format. Note: Splunk HEC Connector (SaaS/Cloud) currently only supports JSON. |
| Protocol | Connection protocol |
| Port | Default port settings: HTTP: 8088, HTTPS: 8088 |
| HEC Token | Splunk Event Collector token |
| Use CA certificate | Uploads a CA certificate used to connect to your Splunk HEC server |
| Server requires client authentication | Uploads the client authentication certificate |

- (Optional) Click Test Connection to verify if the settings are valid.
- Click Connect.
- Repeat the previous step to add multiple connection configurations for this integration.
- Click Save.
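
The following pre-flight check is an added example, not Trend Micro or Splunk code. It builds the request a HEC client sends from the connection-panel settings above, keeps TLS verification on when a CA certificate is supplied, and flags settings that weaken the connection. The `/services/collector/event` path and the `Authorization: Splunk <token>` header come from Splunk's HEC API rather than from this page; the function names, host name and token are constructed for illustration.

```python
import json
import ssl
import urllib.request

HEC_EVENT_PATH = "/services/collector/event"  # Splunk HEC endpoint for JSON events


def build_request(server, token, protocol="https", port=8088):
    """Build the POST a HEC client sends, from the connection-panel settings."""
    if protocol not in ("http", "https"):
        raise ValueError("protocol must be http or https")
    body = json.dumps({"event": {"message": "connectivity check"}}).encode()
    return urllib.request.Request(
        f"{protocol}://{server}:{port}{HEC_EVENT_PATH}",
        data=body, method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"})


def tls_context(ca_file=None, client_cert=None, client_key=None):
    """Verify the server against the CA; optionally present a client certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verification stays enabled
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def review(protocol, token):
    """Return findings for settings that weaken the connection."""
    findings = []
    if protocol == "http":
        findings.append("HTTP sends the HEC token and events unencrypted; use HTTPS")
    if not token:
        findings.append("HEC token is empty")
    return findings


def send(server, token, protocol="https", port=8088, **tls):
    """Send one test event; HEC replies {"text": "Success", "code": 0} if accepted."""
    req = build_request(server, token, protocol, port)
    ctx = tls_context(**tls) if protocol == "https" else None
    with urllib.request.urlopen(req, timeout=10, context=ctx) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    # Constructed sample values; replace with your own server and token.
    sample_token = "00000000-0000-0000-0000-000000000000"
    print(review("http", sample_token))
    print(build_request("splunk.example.com", sample_token).full_url)
```

Call `send()` from a host that the firewall "Allow" rules cover to confirm the token and certificates before clicking Connect.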