All Apps and Add-ons

Integrating Splunk with Intellitrust

New Member


I am searching a good document for the integration between Entrust Intellitrust and Splunk. We have alreay completed the required configuration at the Intellitrust end and searching for the configuration we should do at the Splunk end.


0 Karma


The splunkbase app got this details:(i am not sure if there are any other documentations available for this app)


Refer to the Admin Guide from your Entrust Datacard IntelliTrust account for assistance.


Before configuring the add-on, customers must create a Splunk application prior to this step. See the IntelliTrust Admin Online Help for more information.

To configure your add-on, complete the following steps after downloading and installing the add-on:

  1. Create a new input for your IntelliTrust source.
  2. Select the category of logs you would like to import from IntelliTrust into Splunk. The categories are: a. Authentication Events b. Management Events c. Both (By default both categories are selected)
  3. Enter the interval (in seconds) to set the frequency that audit logs in IntelliTrust are imported into Splunk. The interval cannot be less than 30 seconds. The first time the add-on is enabled, all events are imported into Splunk. After that, events are imported at the set interval rate.
  4. Under Configuration > Add-on Settings enter the json value that was created when you added a Splunk application in IntelliTrust. Upon successful configuration, this add-on will automatically import all previously logged audits for the specified category into Splunk.

Once the data source is enabled and data is being pulled in, administrators can create dashboards with IntelliTrust audit data.

As you are a new user to Splunk Answers, you can upvote the answers/comments,
if this answer resolved your query, you can select this answer and "accept" it as the answer, so that this question will be moved to answered queue. Happy Splunking!

0 Karma

New Member

Thanks for your reply!
Yes I already went through this documentation. But they only specified the below

"To configure your add-on, complete the following steps after downloading and installing the add-on"

how and where to install is not specified. and I need to know how to install the addon and if there is any specific location I should install the add-on.

Thanks and Regards,

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...