Are you a Splunk Cloud user? This page has instructions for integrating ConductorOne with Splunk Enterprise. If you want to integrate ConductorOne with your Splunk Cloud instance, follow the instructions in the Splunk connector’s README file.
Organizations trust Splunk to prevent security, infrastructure and application issues from becoming major incidents, absorb shocks from digital disruptions, and accelerate digital transformation.
🛠️ The Splunk Enterprise integration uses ConductorOne’s open-source Baton connector for Splunk.
- Sync user identities from Splunk Enterprise to ConductorOne
- Resources supported:
Integrate your Splunk Enterprise instance
Before you begin: Prepare a Splunk Enterprise image for the
baton-splunk connector by following the Splunk Enterprise documentation to Deploy and run Splunk Enterprise inside a Docker container. Note that the Splunk Docker image only supports x86_64 CPU architecture.
Step 1: Generate an API token
Before you begin: Make sure that token authentication is enabled for your Splunk Enterprise instance.
Splunk Enterprise authentication tokens inherit the same permission set as the user associated with the token. Make sure that the user associated with the token you create has permission to read all users, roles, deployments, capabilities, and applications for your instance.
If you want to create tokens for yourself, your account must have a role that has the
edit_tokens_own capability. If you want to create tokens for another user on the instance (such as a service account), your account must have a role that has the
Sign into Splunk Enterprise.
Click Settings and select Tokens from the menu.
If necessary, click Enable Token Authentication.
On the Tokens page, click New Token.
Fill out the form and click Create.
The token is generated. Carefully copy and save the token value. We’ll use it in Step 2.
Step 2: Install
Run the Docker command shown below to install
baton-splunk, substituting in the required credentials (see the
baton-splunkrepo’s README for details).
SPLUNK_ADMIN_PASSWORD=admin_pass BATON_TOKEN=token BATON_UNSAFE=true docker-compose up
The instance comes with TLS disabled by default. To bypass validation of TLS certificates, set
BATON_UNSAFEenvironment variable to
trueor use the
To gain more verbose output, set the
BATON_VERBOSEenvironment variable to
trueor use the
--verboseflag. This mode lists Application and Capability entitlements and grants.
Step 3: Set up the Splunk integration in ConductorOne
A user with the Integration Administrator or Super Administrator role in ConductorOne must perform this task.
In ConductorOne, open Administer and click Integrations > Baton.
Choose whether to add the Splunk connector to an existing application in ConductorOne (and select the app of your choice) or to create a new Baton application.
Once the connection is established between Splunk Enterprise and ConductorOne, the new application’s name will automatically change from Baton to Splunk.
Set the integration owner for this connector. You can manage the integration yourself, or choose someone else from the list of ConductorOne users. Setting multiple integration owners is allowed. You can change the integration owner later, if necessary.
Click Create and add details.
If you selected someone else as the integration owner, that person will be notified to take over this process from this point.
Find the Settings area of the page and click Edit.
Click Rotate to generate a new set of credentials. Carefully copy the Client ID and Secret. You’ll use them in Step 4.
Step 4: Add credentials to your Splunk connector
On the server where your the Splunk is running, pass in the Client ID and Secret generated in Step 3 by running
--client-id <CLIENT ID> --client-secret <SECRET>.
baton-splunk --helpto see the list of flags to be used when passing your credentials to the connector.
The connector syncs current data, uploads it to ConductorOne, and prints a
Task complete!message when finished.
Check that the connector data uploaded correctly. In ConductorOne, open Manage and click Applications, then locate and click the name of the application you added the Splunk connector to. Splunk data should be found on the Groups, Roles, Resources, and Accounts tabs, as appropriate.
baton-splunk is installed and the integration is set up, Baton runs as a service in your environment. The service maintains contact with ConductorOne, syncs and uploads data at regular intervals, and passes that data to the ConductorOne UI, where you and your colleagues can use it to run access reviews and facilitate access requests for the application.