the target services exposes some REST APIs which allows the SIEM application to get the Audit and other Resources details.
The authentication mechanism is OAuth
This integration is supported in Splunk Enterprise, I want to check how it can be done in Splunk Cloud.
I tried installing http://splunk-base.splunk.com/apps/90843/rest-api-modular-input manually, but it was rejected.
Since this has been asked here, I may create a ticket and see what they say.
Hi,
I am not sure about REST input. But you can try using HTTP Event Collector. Refer below documents:
http://docs.splunk.com/Documentation/SplunkCloud/7.0.0/Data/AboutHEC