Welcome Edit the Doc Site Product Offerings Program Starting Point Program Types Private vs. Public Programs Parent/Child Programs VDP vs. BBP Using Markdown Running a Good Program General Settings Security Page Program Metrics Response Target Indicators Top Hackers Policy and Scope Good Policies Defining Scope Scope Best Practices Asset Types Severity Environmental Score Bounty Tables Importance of Bounty Tables Submit Report Form Report Templates Pausing Report Submissions Response Targets Response Target Metrics Setting Response Targets Invitations CVE Requests Submission Signal Requirements Human-Augmented Signal Groups and Permissions Single Sign-On via SAML JIT Provisioning Domain Verification Google Okta OneLogin FAQs Two-Factor Authentication Invalid OTP Code Sessions Credential Management Notifications Response Programs Inbox Inbox Views Report Management Report Actions Report States Report Components Quality Reports Locking Reports Duplicate Reports Exporting Reports Response Labels Keyboard Shortcuts Custom Fields Disclosure Limiting Disclosed Information Retesting Supported Integrations Integration Variables Webhooks API Tokens Assembla Azure DevOps Bugzilla Freshdesk GitHub GitLab HackEDU IBM Security SOAR Jira Jira Cloud Setup Jira Server Setup Multiple Integrations Jira FAQs Kenna Security MantisBT Microsoft Teams OTRS PagerDuty Phabricator Redmine ServiceNow Slack Splunk Sumo Logic Trac Zendesk Billing Bounties Swag Bonuses Dashboards Program Overview Submissions Dashboard Statistics Dashboard Hacker Feedback Dashboard Explore Audit Logs Industry Benchmarking Hacktivity Communicating with Hackers Message Hackers Banning Hackers Hacker Email Alias Hacker Mediation Hacker Reviews Disclosure Assistance HackerOne Clear Gateway FAQs Pentest Overview FAQs Automation Common Responses Triggers Hackbot Email Forwarding Embedded Submission Form Import Vulnerabilities IP Allowlists Multi-Party Coordination Password Best Practices Proof of Compliance Slack Shared Channels Reducing Noise Splunk Integration
You can configure a Splunk integration using webhooks to log events from HackerOne in Splunk. The Splunk integration enables data to be logged based on the configured event trigger. This integration is flexible and can be used to log data for any of the events listed.
This integration is only available to Enterprise programs.
To configure the Splunk integration:
Get the HTTP Event collector endpoint by referencing the
Send data to HTTP Event Collector section in the Splunk documentation. Go to
Program Settings > Program > Webhooks. Click
New webhook. Enter the full HTTP event collector endpoint in Payload URL.
Enter your webhook secret in the
Secret field. The secret is used to validate that the request came from HackerOne. Learn how to validate the payload using a secret. Select which events you’d like to trigger the webhook. You can choose between:
Send me everything
All events will trigger the webhook.
Let me specify individual events
You can choose which events you'd like to trigger the webhook.
Once you've successfully added the webhook, you'll be able to retrieve data from HackerOne in your Splunk instance.
Learn more about
managing webhooks and viewing recent deliveries.