| SamurAI [Local] Collector | SamurAI [Cloud] Collector |
|---|---|
This integration collects audit and activity log data from LastPass Business using LastPass’s built-in SIEM integration capability, delivered to the SamurAI platform via Splunk HTTP Event Collector (HEC).
Prerequisites
Ensure that a SamurAI Cloud Collector of type Splunk HTTP Event Collector (HEC) has been deployed via the SamurAI Portal.
If you are planning to reuse an already deployed SamurAI HEC Cloud Collector, you will need the following values, which are displayed only upon creation:
- API URL
- Token
Configure the integration in LastPass
For additional information you can refer to the LastPass documentation: Integrate Splunk with LastPass Business.
To configure the Splunk integration in the LastPass Admin Console, follow the steps below:
1. Open a browser and navigate to the LastPass Admin Console
2. Log in with your LastPass admin email address and master password, then click Log In
3. From the left-hand navigation, go to Advanced - Integrations - Splunk
4. Perform the following steps using the values recorded during creation of your SamurAI Splunk HEC Collector:
   4.1 In the Splunk instance URL field, enter the API URL of the SamurAI HEC Cloud Collector
   4.2 In the Token field, enter the SamurAI HEC Cloud Collector Token value
   4.3 Optionally, set the Index name field to a descriptive name to help identify LastPass data (e.g. lastpass_events)
5. Check the Enabled checkbox to activate the integration
6. Click Save changes
7. Log out of the LastPass Admin Console and log back in to confirm the configuration has been applied
Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the SamurAI MDR Portal and we shall get it updated.