Core Security Platforms
Splunk HEC Compatible Receiver Connector

Use Splunk HEC Compatible Receiver As a Review-Ready Evidence Source

Pull evidence from Splunk HEC Compatible Receiver, preserve source and collection history, and map the output directly to the controls reviewers ask about. Aurora automates recurring collection where the connector supports it and keeps export-based handoffs clean where it does not.

SIEM • Log collection • Evidence capture • Continuous checks • Updates on a schedule • 7 mapped controls
Common coverage includes Audit logging, Centralized Log Management, and Data Ingest Health Monitoring.
Supports recurring audits, buyer reviews, and renewal requests. We'll show what can run automatically and where export-based collection still makes sense.
Connector Summary
Best for: Audit logs and event streams
Authentication: Log collector token
Cadence: On a schedule
Setup time: 20 to 30 minutes
Framework coverage: Adobe Common Controls Framework (Adobe CCF) and 109 more
Imported execution-stage guidance
Frameworks: 73
Preferred requirement mappings: 1,381
Candidate requirement mappings: 399
Auth: HEC Token • Collection: Integration API • Evidence objects: audit_log, siem_search_export
Exports & records
Artifacts reviewers recognize. Preview the structure before you share anything.

Setup

A short path from connection to an exportable evidence bundle.

01. Connect Splunk HEC Compatible Receiver
Sign-in method: Log collector token. Read-only, least-privilege access.
02. Confirm Evidence Sources and Cadence
Confirm evidence sources and set cadence (on a schedule).
03. Validate Capture (Read-Only Where Possible)
Validate evidence capture in read-only mode (where possible) before expanding workflows.
04. Map Evidence to Controls
Map captured artifacts to controls (7 mapped controls listed).
05. Bundle Evidence When Needed
Export an evidence bundle (ZIP) when you need an offline attachment. Aurora keeps the underlying source and timestamps so the work stays reusable.

Capture

What This Integration Captures

Evidence types and collection notes, based on the integration's published resources.

What Aurora monitors
10 continuous checks
Splunk HEC receiver data is being collected • Splunk HEC receiver snapshots are tagged with the correct source
Evidence Aurora can collect
3 evidence types
Audit logs and events • App Config Snapshot
How it stays current
Updates on a schedule.
Checks update as new data is synced.
Checks
Automated checks Aurora can run
Checks map directly to common buyer requirements. Reviewers see the result as exportable evidence, not a screenshot.
  • Splunk HEC receiver data is being collected
  • Splunk HEC receiver snapshots are tagged with the correct source
  • Splunk HEC Compatible Receiver SIEM enabled check
  • Splunk HEC Compatible Receiver log sources non negative check
  • Splunk HEC Compatible Receiver retention non negative check
  • Splunk HEC Compatible Receiver endpoint check
  • Splunk HEC Compatible Receiver auth type HEC check
  • Splunk HEC Compatible Receiver token check
  • Splunk HEC Compatible Receiver timestamp check
  • Splunk HEC Compatible Receiver ingest count 24h check
Evidence
Evidence types collected
These evidence objects can be mapped to controls and exported as an evidence bundle or audit workbook snapshot.
Audit logs and events • App Config Snapshot • Artifact
Produces
  • Evidence objects with source details
  • Freshness and cadence status
  • Evidence bundle exports (plan-based)
Security Note
Read-only API, scoped credentials, and an audit trail for every sync.
Cadence Controls
Updates on a schedule.

Reviewers

Why It Matters for Reviewers

A few ways this reduces follow-ups during audits and buyer reviews.

  • Reduces evidence follow-ups by attaching system exports directly to answers.
  • Keeps timestamps explicit for audit windows.
  • Makes sampling easier through evidence bundles.

Frameworks

Controls and Frameworks Impacted

A quick sense of which frameworks this connector helps cover (based on mapped controls).

Adobe Common Controls Framework (Adobe CCF) • ADOBE_CCF • 2 controls
Aurora Essentials (Baseline Control Set) • AURORA_ESS • 2 controls
Department of Defense (DoD) Cloud Computing Security Requirements Guide • CC_SRG • 2 controls
CSA Cloud Controls Matrix (CCM) v4.1 • CCM • 2 controls
Cybersecurity Code of Practice for Critical Information Infrastructure • CCOP • 2 controls
CIS Controls v8 • CIS • 2 controls
CMS Acceptable Risk Safeguards (ARS) • CMS_ARS • 2 controls
DESC Combined Standards (Digital Dubai / DESC family overlay) • DESC_COMBINED_STANDARDS • 2 controls
FDA medical device cybersecurity guidance • FDA_MEDICAL_DEVICE_CYBERSECURITY • 2 controls
FedRAMP Security Controls Baseline (High) - NIST SP 800-53 Rev. 5 • FEDRAMP_REV5_HIGH_BASELINE • 2 controls
FedRAMP 20x Phase 2 Pilot • FEDRAMP20X • 2 controls
IEC 62443 (Industrial Automation and Control Systems Security) • IEC62443 • 2 controls

Common questions

Splunk HEC Compatible Receiver Integration Questions

Short answers to common evaluation questions.

Does this require admin access?
It depends on the evidence you choose to capture. We'll confirm required permissions during setup.
Can we control cadence?
Yes. In eligible plans, cadence is configurable.
Can we export evidence if a reviewer asks?
Yes. Export evidence bundles for offline attachments, or give reviewers structured access through Trust Center. Aurora keeps the source and timestamps so work stays reusable between reviews.
Live walkthrough
Want to Confirm Evidence Coverage for Splunk HEC Compatible Receiver?
Tell us about your evidence gap, audit question, or framework target. We'll show what can be automated, what stays manual, and how to share it in a controlled way.
15-minute walkthrough. No obligation. See Aurora applied to your workflow with the exact outputs reviewers receive. (No compliance guarantees.)