Splunk Enterprise Security connector

Splunk Enterprise Security is a security information and event management (SIEM) solution built on the Splunk platform. It enables organizations to gain comprehensive visibility, detect threats, and respond efficiently to security incidents.

The Splunk Enterprise Security connector helps you address emerging security threats and SIEM use cases through monitoring, alerts, and analytics, enabling proactive threat detection and prevention. You can perform tasks such as security monitoring, incident management, compliance, advanced threat detection, threat hunting, and automation and orchestration.

Authorize your Splunk Enterprise Security account

When you add a Splunk Enterprise Security card to a flow for the first time, Okta Workflows prompts you to configure the connection. This connection links to your Splunk Enterprise Security account and saves your account information, so you can reuse this connection for future Splunk Enterprise Security flows.

See Authorization.

Splunk Enterprise Security connector action cards

| Action | Description |
| --- | --- |
| Create User | Create a new user in Splunk Enterprise Security. |
| Custom API Action | Make an authenticated HTTP request to the Splunk Enterprise Security API. |
| Delete User | Delete a user in Splunk Enterprise Security. |
| List Roles | List all roles and the permissions for each role in Splunk Enterprise Security. |
| Read User | Get the details of a specified user in Splunk Enterprise Security. |
| Search Users | Search for users in Splunk Enterprise Security. |
| Update User | Update users in Splunk Enterprise Security. |