| SamurAI [Local] Collector | SamurAI [Cloud] Collector |
|---|---|
This integration collects Auditlog data from Admin By Request in real time using Admin By Request webhooks, delivered to the SamurAI platform via Splunk HTTP Event Collector (HEC).
Prerequisites
Ensure that a SamurAI Cloud Collector of type Splunk HTTP Event Collector (HEC) has been deployed via the SamurAI Portal.
If you are planning to reuse an already deployed SamurAI HEC Cloud Collector, you will need the following values, which are displayed only upon creation:
- API URL
- Token
Configure a webhook in Admin By Request
For additional information you can refer to the Admin By Request Splunk Integration Guide and the Admin By Request Webhooks documentation.
To configure a webhook to push Auditlog data to the SamurAI HEC Cloud Collector, follow the steps below:
1. Log in to the Admin By Request Portal
2. Navigate to Settings - Tenant Settings - Data - WEBHOOKS
3. Click Create Webhook
4. Perform the following steps:
4.1 Toggle Enabled to ON
4.2 Enter a Name for the webhook
4.3 From the Push Data drop-down menu, select Auditlog: new entry
4.4 In the URL field, enter the API URL of your SamurAI HEC Cloud Collector, then append /services/collector/raw to the end of the URL, in line with the vendor documentation
4.5 Set Add headers to ON, then click New
4.6 In the Name field of the new header, enter Authorization
4.7 In the Value field, enter Splunk followed immediately by the Token value from your SamurAI HEC Cloud Collector
4.8 Click Update to save the header
5. Click Save to create the webhook
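
A pre-flight check for the URL and header values from steps 4.4 to 4.7, added here as an example and not taken from the Admin By Request or SamurAI documentation. The function names are hypothetical, and the script assumes the collector accepts the standard Splunk HEC header form, the word Splunk, one space, then the token.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not from either vendor.

# Step 4.4: build the webhook URL from the collector's API URL.
hec_raw_url() {
  local url="$1"
  case "$url" in
    https://?*) ;;  # the token travels in a request header, so require TLS
    *) echo "API URL must start with https://" >&2; return 1 ;;
  esac
  while [ "${url%/}" != "$url" ]; do url="${url%/}"; done  # drop trailing slashes
  case "$url" in
    */services/collector/raw) ;;  # suffix already present, do not add it twice
    *) url="$url/services/collector/raw" ;;
  esac
  printf '%s\n' "$url"
}

# Step 4.7: build the header value. Assumes the standard Splunk HEC form
# "Splunk <token>" (one space between the word and the token).
hec_auth_value() {
  local token="${1#Splunk }"  # tolerate a token pasted with the prefix on it
  case "$token" in
    ''|*' '*) echo "token is empty or contains a space" >&2; return 1 ;;
  esac
  printf 'Splunk %s\n' "$token"
}

# Optional: post one constructed event and print the HTTP status code.
# Needs curl 7.55+ and network access. The header is fed on stdin (-H @-)
# so the token does not appear in the process list.
hec_send_test() {
  local url auth
  url="$(hec_raw_url "$1")" || return 1
  auth="$(hec_auth_value "$2")" || return 1
  printf 'Authorization: %s\n' "$auth" |
    curl -sS -o /dev/null -w '%{http_code}\n' -H @- \
      --data '{"note":"constructed test event, not Admin By Request output"}' \
      "$url"
}
```

Source the file and call hec_send_test with your API URL and Token; a 2xx status means the collector accepted the request, anything else points at the URL or the header value.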
Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the SamurAI MDR Portal and we shall get it updated.