Integrating Zoho Vault with Splunk
- Log in to the Splunk console. Navigate to Settings at the top-right corner and select Data inputs.

- From the list of data input options, choose HTTP Event Collector.

- Click Global Settings. Note the listed Port Number, as you will need this when configuring Zoho Vault.

- Go back to the main HTTP Event Collector page and click New Token.
- In the Name field, provide a descriptive name for this log source (e.g., "ZohoVaultLogs"). This name will help you filter and identify logs originating from Zoho Vault within Splunk.

- Once you've entered the name, proceed through the required setup steps for your Splunk environment.
- Upon completion, Splunk will generate an API token. Make sure to copy and securely store this token, as you will need to enter it in Zoho Vault.
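Before entering these values in Zoho Vault, you can confirm that the collector accepts the new token. The script below is an added example, not part of the original guide or of Zoho's or Splunk's own tooling; it posts one test event to Splunk's HEC endpoint and explains the reply. The environment variable names HEC_HOST, HEC_PORT and HEC_TOKEN and the function names are assumptions made for this example.

```python
import json
import os
import ssl
import urllib.error
import urllib.request

# Meaning of the "code" field in HEC JSON replies (subset).
HEC_CODES = {
    0: "ok: event accepted",
    1: "token disabled: enable it under HTTP Event Collector",
    2: "no token sent: Authorization header missing",
    3: "bad Authorization header: expected 'Splunk <token>'",
    4: "invalid token: value does not match any HEC token",
}

def build_hec_request(host, port, token, event):
    """Build the HTTPS POST that an HEC client sends for one event."""
    url = f"https://{host}:{port}/services/collector/event"
    body = json.dumps({"event": event}).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"})

def interpret_hec_reply(body):
    """Map an HEC reply body to a short diagnosis."""
    try:
        code = json.loads(body).get("code")
    except (ValueError, AttributeError):
        return "not an HEC reply: check hostname, port and proxy"
    return HEC_CODES.get(code, f"HEC code {code}: see Splunk docs")

def send_test_event(host, port, token):
    """Send one constructed test event and return the diagnosis."""
    req = build_hec_request(host, port, token, {"msg": "HEC test (constructed)"})
    ctx = ssl.create_default_context()  # certificate verification stays on
    try:
        with urllib.request.urlopen(req, timeout=10, context=ctx) as resp:
            return interpret_hec_reply(resp.read())
    except urllib.error.HTTPError as err:  # 4xx/5xx replies carry an HEC body
        return interpret_hec_reply(err.read())
    except urllib.error.URLError as err:   # DNS, refused connection, TLS error
        return f"cannot reach collector: {err.reason}"

if __name__ == "__main__":
    # The token is read from the environment so it stays out of shell history.
    print(send_test_event(os.environ["HEC_HOST"], os.environ["HEC_PORT"],
                          os.environ["HEC_TOKEN"]))
```

If the collector uses a certificate that the client does not trust, the script reports a TLS error rather than skipping verification; add the issuing CA to the client's trust store instead of disabling the check.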

Configuring Splunk details in Vault
- Log in to your Zoho Vault account as a super admin.
- In the Settings menu, select SIEM Integration, then click Edit Configurations under Splunk.

- Enter the Collector Hostname and Port details provided by Splunk, then click Save Configuration.
- Select the list of audit trails to be sent to your SIEM service from Zoho Vault under Manage Syslog Configuration.

Accessing Zoho Vault logs from Splunk
To view all Zoho Vault audit logs in Splunk:
- Log in to your Splunk account.
- In the search bar, enter the name you gave the log source when creating the token (e.g., "ZohoVaultLogs") to find the Zoho Vault logs.
