The Splunk integration provides DivvyCloud the ability to send notification messages to your Splunk indexes, and is compatible with all DivvyCloud resources. As an example, you can send high priority security alerts when noncompliant Security Group rules are provisioned such as SSH open to the world.
1. Access Splunk Instance - You will need the access point of your Splunk Instance. I used my localhost as my instance, copying ‘localhost’ as my instance name. You will also need the username and password of that instance.
2. Update DivvyCloud - In your DivvyCloud window, click on “Integrations” on the left side of the screen. Then click “edit” and input your Splunk credentials (instance URL, username, password, port, and protocol).
The Port specification refers to the Management Port of your Splunk instance. The default value is 8089. The HTTPS Scheme specification refers to the protocol used to communicate with your Splunk instance. HTTPS/SSL is enabled by default in Splunk, but verify this is the case with your own Splunk instance.
Once this is done you can now leverage the DivvyCloud Splunk action within your Bot configurations. As you can see from the image below, you can specify the index you’d like the events to go to, and message sent for each event. If the index of your choosing isn’t on the server, one will be created for you and all the events will go to that index.
3. Resulting Events from Bots - Once you’ve run your bot with the Splunk action, go to your Splunk Instance window and view your indexes. You can now see all the noncompliant resources that DivvyCloud found, and see they are logged as events in that Splunk index.