NordPass activity log reporting in Splunk Splunk is a leading Security Information and Events Management platform. It allows organizations to collect and index data from multiple sources, providing powerful tools for visualization and insight generation through dashboards and reports. Keeping our Enterprise client needs in mind, we decided to collaborate with Splunk, allowing our customers to ensure their business’ safety on another level. Splunk for NordPass benefits Due to Splunk’s reporting and visualization capabilities, upon setting up an integration between Splunk and NordPass Enterprise clients will be able to set up an integration between Splunk and NordPass, enabling them to: Monitor Activity Logs data directly within Splunk; Efficiently track user behavior; Manage security events; Utilize Splunk's advanced features for enhanced insights and secure management of their digital environments. Setting up an integration between Splunk and NordPass To set up Splunk’s integration on NordPass, you need to take a few actions: Generate a token specifically for Splunk Install NordPass on Splunk Read the article below to learn how to set up the integration. Generate a new Splunk token A valid token from Splunk needs to be generated in the Admin Panel by following the steps in our Token Management article. Installing NordPass on Splunk In order to install NordPass on Splunk, you also need to have a Splunk account. There are two ways to add a NordPass app on Splunk for Business users. While users of Splunk Cloud can utilize both versions, clients using the Splunk on-premise solution will need to choose the Download option. Follow the links below to go to a section relevant to you: Install option Download option (for clients using Splunk on-premise solution) Install option If you’ve chosen the installation option to set up an integration between NordPass and Splunk, follow the steps below: Log in to your Splunk account. Go to Apps in the upper-left corner: Click Find More Apps: Search for NordPass. Click Install. After these steps are done, NordPass should be installed on Splunk, and you can proceed with setting up NordPass on Splunk. Download option - after Splunk adds NordPass To set up an integration between NordPass and Splunk via download option, follow the steps bellow: Navigate to Splunkbase, and click Apps: Search for NordPass: Click Login to Download: Log in to the Splunk environment. Navigate to the upper-left corner and click Apps: Click Manage Apps: Click on Install app from file: Select Choose File and upload the file you’ve just downloaded: Click Upload: After following the steps above, NordPass should be installed on your Splunk account. Setting up NordPass on Splunk To set up integration between Splunk and NordPass, you will need to: Log in to the Splunk environment. Go to Apps and choose NordPass Activity Logs option: Then to the Setup tab. Pick the Data center: Paste the token saved when generated on the NordPass Admin Panel: Click Continue: After you provide this information and click continue, the setup will be complete. You will be able to see activity log data for the last seven days. This data will also be fetched into Splunk every one minute. Update token or data center information on Splunk If your token expires or it was revoked, or if you need to update your Data center details, you will need to create a new token and then update it in Splunk environment, following similar steps to initial NordPass on Splunk setup. To update this information in Splunk, follow these steps: Log in to the Splunk environment. Navigate to the NordPass app: Click Setup. Update the Token. After these steps are done, the information should be updated. Splunk dashboards explanations Splunk dashboards show the relevant activity logs that were fetched before opening them. To include the newest records, you need to refresh the page. Since you’ll be able to use Splunk’s smart tools for visualization and insight development via dashboards and reports, it’s important to understand what you can see from them. NordPass Logins & Vault Access Login actions dashboard on Splunk provides information about Organization employees' login to NordPass and Vault unlock actions by the users. Here, you will be able to see three dashboards: Login access: This visualization showcases times when your NordPass users log in to NordPass Business Login, validate the Master Password to unlock NordPass, or use SSO authentication. By platform: This visualization lists platforms where Organization employees validate their master passwords and where they are accessing the NordPass application. Detailed information: This table lists the details of the Login actions performed by your Organization's users. NordPass Admin Panel Activity The administrative actions dashboard in Splunk displays information on the actions of Organization Owners and Administrators in the Business Admin Panel. Here, you will also be able to see three dashboards: Actions: This visualization showcases the actions performed in the NordPass Business Admin Panel by users with MSP Admin, Owner, and Admin rights. Actions count by User: This visualization lists all users who took action in the NordPass Business Admin Panel and indicates the number of actions performed. Detailed information: This table lists all actions made in the NordPass Business Admin Panel by users with Owner and Admin rights. NordPass Vault Activity The item actions dashboard provides information about the Organization user's actions in the NordPass application. Here, you will be able to see four tabs: Item actions by platform: This visualization shows the number of actions performed in the NordPass application on a defined platform. Item actions: This visualization lists all actions and the number of actions performed by the employees in the NordPass application. Detailed information: This table lists all actions made in the NordPass application by organization employees. If you have any questions, feel free to reach out to our customer support! Was this article helpful? Yes No