SailPoint's IdentityNow AuditEvent Add-on has been certified by Splunk and is designed to provide customers the ability to extract audit information from one or more of their IdentityNow tenants using Splunk Enterprise or Splunk Cloud. Along with the audit information, the.SailPoint Adaptive Response Add-on also provides a source types with in.Splunk®.This source type is used to collect events from SailPoint's IdentitNow tenant. Users can configure this source type to collect events to Splunk®.and populate a custom dashboard visualizing different types and details for these events.
Using IdentityNow's AuditEvents API, we can solve a number of problems with this add-on. Some examples include:
Full functionality requires the following:
Searching for sourcetype="sailpoint_identitynow" will list all the events consumed by the add-on
Updated /search Beta API to V3 API
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.