You can configure a Splunk integration to log events from HackerOne in Splunk. The Splunk integration enables data to be logged based on the configured event trigger. This integration is flexible and can be used to log data for any of the events listed.
This integration is only available to Enterprise programs.
Creating the HTTP Event collector
In the top menu of Splunk, go to Settings > Data Inputs
Click on HTTP Event Collector
Click on New Token
Enter a name and click Next until you completed the setup of the connector
Copy the token from the overview of data inputs and save it for the next step of the setup
Setup on HackerOne
Go to Program Settings > Program > Integrations.
Click Connect to Splunk.
Click on Set up new integration
Click on New authentication
In the popup enter the Event Collector URL and the HEC token (This is the same token you created ealier in the setup). See the information below for details on how to construct the URL.
Click Create to save the authentication
Enter a name for the Integration
Click Finish to complete the integration
Now click Enable to start using the integration
Once you've successfully added the intergration, you'll be able to retrieve data from HackerOne in your Splunk instance.
Constructing the Even Collector URL
The standard form for the HEC URI in Splunk Cloud free trials is as follows:
The standard form for the HEC URI in Splunk Cloud is as follows:
The standard form for the HEC URI in Splunk Cloud on Google Cloud is as follows:
<protocol> is either http or https
You must add http-inputs- before the <host>
<host> is the Splunk Cloud instance that runs HEC
<port> is the HEC port number
8088 on Splunk Cloud free trials
443 by default on Splunk Cloud instances