The Splunk Add-on for Okta Identity Cloud:
- Handles System Log event ingestion using Okta's REST API endpoints and simplifies data correlation.
- Can periodically ingest Okta Universal Directory (UD) data, including users, groups, and apps. This data is not treated as time-series events.
- Provides the inputs and CIM-compatible knowledge to use with other Splunk apps.
The Splunk Add-on for Okta Identity Cloud provides complete data collection parity with the Okta Identity Cloud Add-on for Splunk and the corresponding features, except for the following two adaptive response actions: 1) updating a user's lifecycle/status, and 2) adding or removing a user from a group. In addition, the Splunk-built TA provides comprehensive CIM coverage, high reliability, and multiple features and enhancements. See the Reference section of the documentation for more details.
The Splunk Add-on for Okta Identity Cloud supports the following sourcetypes:
- OktaIM2:log
- OktaIM2:user
- OktaIM2:group
- OktaIM2:app
- OktaIM2:groupUser
- OktaIM2:appUser