Splunk
Forward finding events to Splunk via HTTP Event Collector.
Forwards finding and remediation events from Basirah to Splunk via HTTP Event Collector (HEC).
Prerequisites
- Splunk instance with HEC enabled
- HEC token with permissions to write to the target index
Authentication
API key — HEC token.
Configuration
- hec_url (string, required): Splunk HEC endpoint URL.
- hec_token (string, required): Splunk HEC authentication token.
- index (string, optional): Target Splunk index. Uses the HEC token default if not specified.
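A pre-flight check for the three settings above, added here as an example (not Basirah's own code): it builds, without sending, the request HEC expects, with the token in an `Authorization: Splunk <token>` header and `index` left out when unset so the token default applies. The `/services/collector/event` path in the sample URL, the HTTPS-only rule, the sample event fields and the function names are assumptions of this example.

```python
import json
import urllib.request
from urllib.parse import urlparse


def build_hec_request(hec_url, hec_token, event, index=None):
    """Build (without sending) the HEC request for one event."""
    parsed = urlparse(hec_url)
    if parsed.scheme != "https" or not parsed.netloc:
        # The token travels in a header; plain HTTP would expose it in transit.
        raise ValueError("hec_url must be an absolute https:// URL")
    if not hec_token or hec_token != hec_token.strip():
        raise ValueError("hec_token is empty or has surrounding whitespace")

    payload = {"event": event}
    if index:
        # Set only when configured; otherwise the token's default index applies.
        payload["index"] = index

    return urllib.request.Request(
        hec_url,
        data=json.dumps(payload).encode("utf-8"),
        headers={
            "Authorization": f"Splunk {hec_token}",
            "Content-Type": "application/json",
        },
        method="POST",
    )


def loggable_headers(req):
    """Header view that is safe to write to logs: the token is masked."""
    return {
        name: "Splunk ****" if name.lower() == "authorization" else value
        for name, value in req.header_items()
    }


# Constructed sample values: not a real endpoint, token, or Basirah event schema.
SAMPLE_URL = "https://splunk.example.com:8088/services/collector/event"
SAMPLE_TOKEN = "00000000-0000-0000-0000-000000000000"
SAMPLE_EVENT = {"type": "finding", "severity": "high", "title": "constructed sample"}

if __name__ == "__main__":
    req = build_hec_request(SAMPLE_URL, SAMPLE_TOKEN, SAMPLE_EVENT, index="security")
    print(req.full_url, loggable_headers(req))
    print(req.data.decode("utf-8"))
```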
Data flow
Forwards normalized finding events to Splunk for correlation with your broader security telemetry.