The Splunk connector for ZenGRC provides an integration that allows you to easily pull audit evidence from Splunk into ZenGRC. With the push of a button, evidence “fetchers” reach out to Splunk and pull evidence data into ZenGRC. You can define evidence fetchers in ZenGRC from any saved report that you’ve created in Splunk, providing endless flexibility in the kinds of evidence you want to source!
Splunk allows the user to configure roles with varying levels of permissions. Every app and object within Splunk is governed by a set of read/write permissions that specify what users can see (read access) and interact with (write access). Permissions can be granted by role for every application and object.
The Splunk role used to configure the connection should grant the ZenGRC user read access only, and only to the objects it needs. Which objects those are should be determined by the customer, but they generally encompass any data that an audit may require.
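One way to check that the role chosen for the connection is read-only, shown as an added example (not ZenGRC or Splunk code): the script parses a constructed `authorize.conf` and flags inherited roles, wildcard index access, and any enabled capability beyond `search`. The role names, the index name and the one-item capability allowlist are assumptions to adjust for your deployment.

```python
import configparser

# Constructed sample authorize.conf content; role and index names are hypothetical.
SAMPLE_AUTHORIZE_CONF = """
[role_zengrc_broad]
importRoles = power
srchIndexesAllowed = *
search = enabled
schedule_search = enabled
edit_user = enabled
admin_all_objects = enabled

[role_zengrc_reader]
importRoles =
srchIndexesAllowed = audit_evidence
srchIndexesDefault = audit_evidence
search = enabled
"""

# Settings that are not capabilities (search scope, quotas, inheritance).
NON_CAPABILITY_KEYS = {"importroles", "srchindexesallowed", "srchindexesdefault",
                       "srchfilter", "srchtimewin", "srchdiskquota", "srchjobsquota"}
# Assumption: a read-only evidence role needs only this capability.
ALLOWED_CAPABILITIES = {"search"}


def audit_role(conf_text, role):
    """Return sorted findings for one role stanza (inherited roles are not resolved)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    stanza = parser["role_" + role]
    findings = []
    inherited = [r for r in stanza.get("importRoles", "").split(";") if r.strip()]
    if inherited:
        findings.append("inherits: " + ",".join(inherited))
    indexes = [i.strip() for i in stanza.get("srchIndexesAllowed", "").split(";")]
    if any(i in ("*", "_*") for i in indexes):
        findings.append("wildcard index access")
    for key, value in stanza.items():
        if key in NON_CAPABILITY_KEYS or value.strip().lower() != "enabled":
            continue
        if key not in ALLOWED_CAPABILITIES:
            findings.append("extra capability: " + key)
    return sorted(findings)


if __name__ == "__main__":
    for name in ("zengrc_broad", "zengrc_reader"):
        print(name, audit_role(SAMPLE_AUTHORIZE_CONF, name))
```

An empty findings list means the stanza itself grants nothing beyond the allowlist; any role named under `importRoles` still has to be audited separately.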
This activity requires administrative privileges. After accessing the connector, complete the following steps to set up the connection:
For Splunk Enterprise, append "-api" to the end of your instance's base URL. (Example: https://[yourdomain]-api.zengrc.com/)
Any information to be attached to controls or requests needs to be pulled, or fetched, on this interface. Those who have edit permissions on a control, or who have administrative privileges, can add fetchers.
The list of fetchers is based on the reports saved by the Splunk role used to set the connection. If you query a report with a user other than the one provided for the integration, you may see different results.
The maximum file size for each attachment that a fetcher can pull from Splunk is currently limited to 85 MB.
To add a new fetcher, complete the following steps:
After a fetcher pulls data into ZenGRC, the information must be attached and mapped to a control. Then it can be added to a request.
In addition, the collected data is provided as CSV files. If the Splunk report returns no results for its query, these files may be empty.
Once the connection is established, the ZenGRC Splunk Demonstrations videos show how to add fetchers. You can also review the documentation in Working with Fetchers, Controls, and Requests.