Log in
Integrations/Splunk HEC Compatible Receiver/Setup Guide
Setup Guide

Splunk HEC Compatible Receiver Setup Guide

Follow the steps below to connect (where supported) or set up an export-based workflow. Either way, Aurora tracks source, timestamps, ownership, and freshness so evidence stays reusable between reviews.

At a Glance
ConnectionLog collection
CategoryLogging
Guide3 steps
Need help?
We'll confirm what can be automated, what stays export-based, and how to keep evidence current between review cycles.

Steps

Use these as a starting point, then verify collection inside Aurora.

  1. 1
    Generate or provision an HEC token in the platform connection settings.
  2. 2
    Configure your source system to POST events to the platform's HEC receiver endpoint using the Splunk authorization header.
  3. 3
    Validate the receiver returns a Splunk-compatible response (code=0).

Credentials

The inputs Aurora needs to authorize and collect proof.

hec_token

Permissions

Aurora requests only the minimum access needed for collection and checks.

Permissions depend on the selected collection mode and configured scope.