Splunk

Attach partner account

To attach a Splunk account to Detect, you will need:

  • A Splunk instance available over port 443
  • An HEC token
  • An index named prelude

In Splunk

HTTP Event Collector

Create an HTTP Event Collector with:

  • SSL enabled
  • Source type: _json
  • Index: prelude

Included capabilities

Alert management

After attachment, the Prelude Service will automatically send each test event to your Splunk instance. Events contain the following properties:

  • Test identifier (UUID)
  • Test hash (MD5)
  • Test name (string)
  • Exit code (integer)
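
To confirm the HEC token, SSL listener and prelude index before attaching, you can post one constructed event to the collector yourself. The script below is an added example, not Prelude's or Splunk's own code. The JSON key names (test_id, test_hash, test_name, exit_code) and the SPLUNK_HOST and HEC_TOKEN environment variables are assumptions, since this page lists the properties but not their keys.

```python
import json, os, re, uuid
import urllib.error, urllib.request

# Constructed sample. The JSON key names are assumptions: the page lists the
# four properties but not how they are keyed in the event.
SAMPLE_EVENT = {
    "test_id": "123e4567-e89b-12d3-a456-426614174000",
    "test_hash": "0123456789abcdef0123456789abcdef",
    "test_name": "Constructed sample test",
    "exit_code": 0,
}

def validate_event(event):
    """Return a list of mismatches against the four documented properties."""
    problems = []
    try:
        uuid.UUID(str(event.get("test_id")))
    except ValueError:
        problems.append("test_id is not a UUID")
    if not re.fullmatch(r"[0-9a-fA-F]{32}", str(event.get("test_hash"))):
        problems.append("test_hash is not an MD5 hex digest")
    if not isinstance(event.get("test_name"), str):
        problems.append("test_name is not a string")
    if type(event.get("exit_code")) is not int:  # rejects bool and "0"
        problems.append("exit_code is not an integer")
    return problems

def build_hec_request(host, token, event):
    """Build the HTTPS POST for Splunk's HEC event endpoint on port 443."""
    body = {"event": event, "sourcetype": "_json", "index": "prelude"}
    return urllib.request.Request(
        f"https://{host}:443/services/collector/event",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Splunk {token}"},
        method="POST",
    )

def send(host, token, event):
    """Send one event; return HEC's JSON reply, including on HTTP errors."""
    req = build_hec_request(host, token, event)
    try:  # urlopen verifies the server certificate by default
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)  # {"text": "Success", "code": 0}
    except urllib.error.HTTPError as err:
        return json.load(err)  # e.g. invalid token or incorrect index

if __name__ == "__main__":
    # SPLUNK_HOST and HEC_TOKEN are hypothetical environment variable names.
    print(send(os.environ["SPLUNK_HOST"], os.environ["HEC_TOKEN"], SAMPLE_EVENT))
```

A reply with code 0 means the token and index accepted the event; searching index=prelude in Splunk should then return it.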