Security Tool Integration

Splunk

Integrate TigerIdentity with Splunk for comprehensive log aggregation, security analytics, and automated incident response based on identity events.

Key Features

Log Aggregation

Send all TigerIdentity decision logs, audit events, and access grants to Splunk.

Advanced Analytics

Use Splunk queries to analyze access patterns, detect anomalies, and investigate incidents.

Security Investigations

Correlate identity events with security alerts for comprehensive threat investigation.

Context Enrichment

Import Splunk Notable Events and risk scores into TigerIdentity access decisions.

Bi-Directional Integration

Send logs to Splunk and receive security signals back for real-time policy enforcement.

Automated Response

Trigger access revocation based on Splunk alerts and correlation searches.

How It Works

1. Configure HEC

Set up Splunk HTTP Event Collector (HEC) and create a dedicated index for TigerIdentity.

2. Forward Logs

TigerIdentity sends decision logs, audit events, and access grants to Splunk in real time.

3. Import Signals

Configure Splunk to send Notable Events and risk scores back to TigerIdentity.

4. Automated Response

Use Splunk alerts to trigger access revocation and session termination in TigerIdentity.

Configuration Example

connector:
  type: splunk
  name: "splunk-enterprise"

  config:
    hec_url: "https://splunk.company.com:8088"
    hec_token: "${SPLUNK_HEC_TOKEN}"
    index: "tigeridentity"
    source: "tigeridentity"
    sourcetype: "_json"

  log_forwarding:
    decision_logs: true
    audit_logs: true
    access_grants: true
    policy_changes: true

  events:
    notable_events: true
    risk_scores: true
    correlation_searches:
      - "Suspicious Access Pattern"
      - "Privilege Escalation Detected"

  automation:
    revoke_on_alert: true
    alert_threshold: "high"
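
To check the HEC settings above before enabling forwarding, the following added example (not TigerIdentity or Splunk code) builds a batched request for Splunk's standard HEC event endpoint using the index, source, and sourcetype from the configuration. The record field names and timestamps are constructed for illustration and are not TigerIdentity's log schema.

```python
import json
import os
import urllib.request

# Values mirror the connector config above; the token comes from the environment.
HEC_URL = "https://splunk.company.com:8088"
INDEX, SOURCE, SOURCETYPE = "tigeridentity", "tigeridentity", "_json"

def hec_envelope(event, epoch_time):
    """Wrap one log record in the HEC event envelope."""
    return {"time": epoch_time, "source": SOURCE, "sourcetype": SOURCETYPE,
            "index": INDEX, "event": event}

def build_hec_request(events, token):
    """Build (not send) a batched POST to the HEC event endpoint."""
    if not token:
        raise ValueError("HEC token is empty; refusing to build an unauthenticated request")
    if not HEC_URL.startswith("https://"):
        raise ValueError("HEC URL must use TLS so the token is not sent in clear text")
    # HEC accepts several events in one body as back-to-back JSON objects.
    body = "\n".join(json.dumps(hec_envelope(e, t), sort_keys=True) for e, t in events)
    return urllib.request.Request(
        HEC_URL + "/services/collector/event",
        data=body.encode("utf-8"),
        headers={"Authorization": "Splunk " + token, "Content-Type": "application/json"},
        method="POST")

def send(req, timeout=5):
    """Send the request; the default SSL context verifies the server certificate."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        reply = json.loads(resp.read())
    # HEC answers {"text": "Success", "code": 0} when the batch was accepted.
    if reply.get("code") != 0:
        raise RuntimeError("HEC rejected batch: %s" % reply.get("text"))
    return reply

# Constructed sample records; field names are illustrative, not TigerIdentity's schema.
SAMPLE = [
    ({"type": "decision", "subject": "alice", "resource": "db-prod", "result": "deny"}, 1700000000.0),
    ({"type": "access_grant", "subject": "bob", "resource": "vpn", "ttl_s": 3600}, 1700000005.0),
]

if __name__ == "__main__":
    # Placeholder token keeps the dry run working when the variable is unset.
    token = os.environ.get("SPLUNK_HEC_TOKEN", "constructed-placeholder-token")
    request = build_hec_request(SAMPLE, token)
    print(request.full_url, len(request.data), "bytes")
```

Calling `send()` on the built request posts the batch to the collector; a rejected batch raises an error instead of being dropped silently.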

Use Cases

Threat Investigation

Correlate TigerIdentity access events with security alerts to understand attack paths.

Anomaly Detection

Use Splunk ML to detect unusual access patterns and automatically revoke suspicious sessions.

Compliance Reporting

Generate compliance reports in Splunk using TigerIdentity audit logs and decision data.

Risk-Based Access

Import user risk scores from Splunk and use them in TigerIdentity access policies.
