Configuring the connector

This page describes how to configure the connector for log retrieval.

Obtain the SCM Audit API credentials

  1. Log in to SCM at https://cert-manager.com/customer/<customer_uri> with the MRAO administrator credentials provided to your organization.

    Sectigo runs multiple instances of SCM. The main instance of SCM is accessible at https://cert-manager.com. If your account is on a different instance, adjust the URL accordingly.

  2. Select Integrations > Audit API Clients.

  3. Click Add to create an Audit API client.

  4. Give a name to your client, then click Save.

  5. Make a note of the URL, Client ID, and Client Secret values.

    You will need them during the data input configuration in Splunk.


Configure a data input

  1. In Splunk Web, navigate to Settings > Data inputs.

  2. Click Add new next to the sectigo_app local input.

  3. Fill out the data source fields:

    • name: A user-defined name for the data source

    • api_url: The URL of the SCM Audit API. The possible values are:

      • https://audit.enterprise.sectigo.com/: The Audit API URL for CertManager

      • https://audit.hard.sectigo.com/: The Audit API URL for Hard CertManager

      • https://audit.eu.sectigo.com/: The Audit API URL for EUDC

    • client_id: The client ID of the SCM user

    • client_secret: The client secret of the SCM user

  4. (Optional) Check More Settings and enter the number of seconds between log fetch requests, or a cron expression, in the Interval field.

  5. Click Next.

  6. Click Start Searching.

    When the API is invoked for the first time, it fetches 30 days of audit history. You might experience a one-minute delay before you see the data.
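
The client_id and client_secret are used against whatever host api_url names, so it is worth checking the data input fields before saving them. The following pre-flight check is an added example, not part of the connector or of Sectigo's code; `check_api_url` and `check_input` are hypothetical helper names, and the sample values are constructed.

```python
from urllib.parse import urlsplit

# The three Audit API endpoints listed in step 3, keyed by host.
DOCUMENTED_HOSTS = {
    "audit.enterprise.sectigo.com": "CertManager",
    "audit.hard.sectigo.com": "Hard CertManager",
    "audit.eu.sectigo.com": "EUDC",
}


def check_api_url(api_url):
    """Return the SCM instance name for a documented api_url, else raise ValueError."""
    parts = urlsplit(api_url.strip())
    if parts.scheme != "https":
        raise ValueError("api_url must use https")
    # "https://audit.eu.sectigo.com@other.example/" parses with the real host
    # in the userinfo part; reject any URL that carries userinfo.
    if parts.username is not None or parts.password is not None:
        raise ValueError("api_url must not embed credentials")
    if parts.port not in (None, 443):
        raise ValueError("api_url must use the default HTTPS port")
    host = parts.hostname or ""
    # Exact match only: a suffix or substring test would accept lookalike hosts.
    if host not in DOCUMENTED_HOSTS:
        raise ValueError(f"{host!r} is not a documented Audit API host")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("api_url must be the bare endpoint URL")
    return DOCUMENTED_HOSTS[host]


def check_input(fields):
    """Validate the data input fields from step 3; return a list of problems."""
    problems = []
    try:
        check_api_url(fields.get("api_url", ""))
    except ValueError as exc:
        problems.append(str(exc))
    for key in ("name", "client_id", "client_secret"):
        if not fields.get(key, "").strip():
            problems.append(f"{key} is empty")
    return problems


# Constructed sample input; the credential values are placeholders.
SAMPLE = {"name": "scm_audit", "api_url": "https://audit.eu.sectigo.com/",
          "client_id": "example-client-id", "client_secret": "example-secret"}
```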