The Splunk Enterprise SIEM integration enables organizations to stream MangoApps platform events directly into Splunk for centralized security monitoring, analytics, and compliance auditing.
With this integration, MangoApps pushes key account and system activity events to a Splunk HTTPS Event Collector (HEC) endpoint, allowing IT teams to correlate MangoApps activity with events from other enterprise systems.
This capability is especially useful for organizations that rely on Splunk for security monitoring, compliance reporting, and operational analysis.
Key Benefits
Centralized Security Monitoring
Track user authentication, access control changes, and account lifecycle events from MangoApps in your SIEM platform.
Improved Compliance
Maintain auditable records of platform access, permissions changes, and user account updates.
Real-Time Visibility
Events from MangoApps are automatically pushed to Splunk at configurable intervals.
Enterprise Observability
Combine MangoApps data with logs from other enterprise applications inside Splunk dashboards.
How the Integration Works
The integration uses a MangoApps Push Agent to send platform activity events to a Splunk HTTPS Event Collector (HEC) endpoint.
Event Flow
1. User activity occurs in MangoApps.
2. MangoApps records the event internally.
3. The Splunk Push Agent collects eligible events.
4. Events are sent to the Splunk HEC endpoint.
5. Splunk ingests and indexes the events for monitoring and analytics.
Events are delivered using NDJSON format (newline-delimited JSON) where each line represents a separate event.
The system also supports cursor-based pagination for event delivery to ensure reliable event processing.
Prerequisites
Before configuring the integration, ensure you have:
A Splunk Enterprise or Splunk Cloud instance
HTTPS Event Collector (HEC) enabled in Splunk
A valid HEC authentication token
Access to the MangoApps Admin Portal
Network connectivity allowing MangoApps to reach the Splunk HEC endpoint
Configure the Splunk Integration
Step 1: Open Built-In Integrations
Log in to the MangoApps Admin Portal
Navigate to:
Select Splunk Integration
Step 2: Enable the Splunk Push Agent
Enable the Splunk HEC Push Agent to start sending events from MangoApps to Splunk.
The push agent is responsible for automatically transmitting events to Splunk at a defined interval.
Step 3: Enter Splunk Connection Details
Provide the required connection settings:
Setting | Description
Name | Friendly name for the integration
HEC Endpoint URL | Splunk HTTPS Event Collector endpoint
SSL | Enable if the endpoint requires SSL
HEC Token | Authentication token from Splunk
Index | Splunk index where events will be stored
Source Type | Splunk source type identifier
Host | Identifier used by Splunk to identify MangoApps
These values correspond to configuration parameters required by Splunk for event ingestion.
Step 4: Configure Event Push Frequency
Choose how frequently MangoApps pushes events to Splunk.
Available options:
Every 5 minutes
Every 10 minutes
Every 30 minutes
Every 1 hour
Up to 24 hours
Shorter intervals bring monitoring closer to real time but increase event traffic.
Step 5: Save the Configuration
Click Save to activate the integration.
Once enabled, MangoApps begins pushing events to Splunk according to the configured schedule.
Events Sent to Splunk
The current integration focuses on security, authentication, and user lifecycle events.
Examples of events pushed to Splunk include:
Authentication Events
User login
User logout
Password reset
Login attempts from different locations
User Lifecycle Events
New user creation
User deletion
User suspension
User lockout
Role and Access Changes
Network admin assignment or removal
Team admin assignment or removal
Assistant role assignment or removal
Alias assignment or removal
Account Status Changes
Guest user converted to network user
Network user converted to guest
User moved to restricted status
Security Access Events
Attempts to access restricted URLs
Permission-based access denial
These events provide the necessary telemetry for organizations to monitor access and detect suspicious activity.
Viewing Splunk Integration Logs in MangoApps
Administrators can review the events that MangoApps sends to Splunk.
Access Splunk Logs
Navigate to:
The Splunk Logs page allows administrators to:
Search logs by keyword
Filter by event type
Filter by date range
These logs show the events that were pushed to Splunk and confirm whether event delivery occurred successfully.
Security and Data Protection
The integration is designed to prevent sensitive data exposure.
Key safeguards include:
No passwords, tokens, or secrets are included in event payloads
Only security-relevant event metadata is transmitted
Event logs exclude sensitive authentication information
This ensures the integration remains compliant with enterprise security standards.
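A receiving team can spot-check these safeguards on a captured NDJSON batch before trusting the index with it. The following is an added example, not MangoApps or Splunk code; the key-name deny-list, the sample events and every field name in them are assumptions made for illustration.

```python
import json
import re

# Assumed deny-list of key names; tune it to your own data-handling policy.
SENSITIVE_KEY = re.compile(r"passw(or)?d|secret|token|api[_-]?key", re.I)

# Constructed sample batch. Field names are hypothetical, not MangoApps' schema.
SAMPLE_NDJSON = """\
{"event_type": "password_reset", "actor": "alice"}
{"event_type": "user_login", "actor": "bob", "details": {"session": {"auth_token": "SAMPLE"}}}
{"event_type": "user_created", "actor": "admin", "changes": [{"field": "email"}, {"password": "SAMPLE"}]}
"""

def sensitive_paths(value, path=""):
    """Yield dotted paths of keys whose name matches SENSITIVE_KEY, at any depth."""
    if isinstance(value, dict):
        for key, child in value.items():
            here = f"{path}.{key}" if path else key
            if SENSITIVE_KEY.search(key):
                yield here
            yield from sensitive_paths(child, here)
    elif isinstance(value, list):
        for i, child in enumerate(value):
            yield from sensitive_paths(child, f"{path}[{i}]")

def audit_batch(ndjson_text):
    """Return {line_number: [paths]} for lines that carry sensitive-looking keys."""
    findings = {}
    for lineno, line in enumerate(ndjson_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except ValueError:
            # A line that cannot be parsed cannot be vouched for; report it.
            findings[lineno] = ["<unparseable line>"]
            continue
        hits = list(sensitive_paths(event))
        if hits:
            findings[lineno] = hits
    return findings

if __name__ == "__main__":
    print(audit_batch(SAMPLE_NDJSON))
```

Only key names are matched, so an event whose type is `password_reset` is not flagged unless it also carries a credential-like field.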
Typical Use Cases
Security Monitoring
Track login activity and permission changes to detect unauthorized access.
Compliance Reporting
Maintain historical logs for audits and regulatory compliance.
User Activity Analysis
Analyze authentication trends and platform usage patterns.
Incident Investigation
Correlate MangoApps activity with other systems during security investigations.
Troubleshooting
Events Not Appearing in Splunk
Verify the following:
HEC endpoint URL is correct
HEC token is valid
SSL settings match Splunk configuration
Firewall rules allow outbound traffic to Splunk
Push frequency interval has elapsed
Connection Issues
Check the Splunk Logs in MangoApps to identify:
Authentication failures
Endpoint connectivity errors
Delivery failures
Best Practices
Use a 5–10 minute push interval for security monitoring.
Store MangoApps events in a dedicated Splunk index.
Create Splunk dashboards for:
Login activity
Role changes
User lifecycle events
Set alerts for unusual login patterns or privilege changes.
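One way to prototype the last alert before writing it as a Splunk search: flag a role change made by an account shortly after it logged in from a location it had not used before. This is an added example, not part of the MangoApps documentation; the field names (`timestamp`, `event_type`, `actor`, `location`), the event type values and the 30-minute window are assumptions, and the sample batch is constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed NDJSON batch; schema and values are hypothetical.
SAMPLE_NDJSON = """\
{"timestamp": "2024-05-01T09:00:00+00:00", "event_type": "user_login", "actor": "alice", "location": "US"}
{"timestamp": "2024-05-01T09:05:00+00:00", "event_type": "user_login", "actor": "bob", "location": "DE"}
{"timestamp": "2024-05-02T03:10:00+00:00", "event_type": "user_login", "actor": "alice", "location": "BR"}
not-json-line
{"timestamp": "2024-05-02T03:20:00+00:00", "event_type": "network_admin_assigned", "actor": "alice", "location": "BR"}
{"timestamp": "2024-05-02T10:00:00+00:00", "event_type": "team_admin_assigned", "actor": "bob", "location": "DE"}
"""

ROLE_CHANGES = {"network_admin_assigned", "team_admin_assigned"}  # assumed names
WINDOW = timedelta(minutes=30)  # assumed correlation window

def parse_ndjson(text):
    """Return (events, skipped); a malformed line is counted, not fatal."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            event["_ts"] = datetime.fromisoformat(event["timestamp"])
            events.append(event)
        except (ValueError, KeyError, TypeError):
            skipped += 1
    return events, skipped

def role_change_after_new_location(events):
    """Return (actor, event_type, location) for each suspicious role change."""
    seen, recent_new, alerts = {}, {}, []
    for e in sorted(events, key=lambda e: e["_ts"]):
        actor, kind = e.get("actor"), e.get("event_type")
        if kind == "user_login":
            known = seen.setdefault(actor, set())
            loc = e.get("location")
            # The first login ever seen for an account is its baseline.
            if known and loc not in known:
                recent_new[actor] = (e["_ts"], loc)
            known.add(loc)
        elif kind in ROLE_CHANGES and actor in recent_new:
            ts, loc = recent_new[actor]
            if e["_ts"] - ts <= WINDOW:
                alerts.append((actor, kind, loc))
    return alerts
```

With a 5 to 10 minute push interval the two correlated events can arrive in different batches, so run the check over a sliding window of recent events rather than one batch at a time.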