Skip to Content
IntegrationsOtherSplunk

Splunk Integration

The Splunk integration sends Detectify vulnerability data to your Splunk instance, allowing you to correlate security findings with other data sources in your SIEM.

What You Get

With the Splunk integration, Detectify forwards the following data:

  • Vulnerability findings with severity, affected asset, vulnerability type, and discovery timestamp
  • Scan events including scan start, completion, and summary statistics
  • Asset changes detected by Attack Surface Management

This data can be used for:

  • Centralized security monitoring alongside other security tools
  • Building dashboards that combine vulnerability data with infrastructure and application logs
  • Creating alerts based on vulnerability patterns or thresholds
  • Compliance reporting that includes vulnerability management metrics

Setup

Prerequisites

  • A Detectify account with admin or team admin permissions
  • A Splunk instance with an HTTP Event Collector (HEC) configured
  • Network connectivity between Detectify and your Splunk HEC endpoint

Configuration Steps

  1. In your Splunk instance, create an HTTP Event Collector (HEC) token:
    • Navigate to Settings > Data inputs > HTTP Event Collector
    • Click New Token
    • Name the token (for example, “Detectify”)
    • Select or create a target index for Detectify data
    • Save and copy the generated token
  2. In Detectify, navigate to Settings > Integrations.
  3. Find Splunk and click Configure.
  4. Enter the following details:
    • HEC URL: The endpoint for your Splunk HEC (for example, https://splunk.example.com:8088)
    • HEC Token: The token generated in step 1
    • Index: The target index name (optional, uses the token’s default index if not specified)
  5. Select which event types to forward (findings, scan events, asset changes).
  6. Click Save.

Testing the Integration

Click Send Test Event to verify that data reaches your Splunk instance. In Splunk, search for the test event:

index=your_index sourcetype=detectify

If the test event does not appear, check that:

  • The HEC URL is accessible from the internet
  • The HEC token is valid and not disabled
  • The target index exists and the token has write access to it

Data Format

Detectify sends events to Splunk in JSON format. Each event includes:

  • event_type — The type of event (finding, scan_completed, asset_change)
  • severity — For findings, the severity level
  • asset — The affected domain or IP address
  • finding_type — The vulnerability category
  • timestamp — ISO 8601 timestamp
  • details — Additional context specific to the event type

Disconnecting

To stop sending data to Splunk, navigate to Settings > Integrations > Splunk and click Disconnect.

Last updated on
JiraWebhooks