Configuring the connector

This page describes how to configure the connector for log retrieval.

Obtain the SCM Audit API key

If you have not already obtained your SCM API key, do so now.

  1. Log in to SCM with the MRAO administrator credentials provided to your organization.

  2. Navigate to Integrations → Audit API Keys.

  3. Select the audit API key you want to view, and click Edit.

  4. If needed, reset the client secret.

    If you reset a client secret, clients using this API key must be updated to use the new client secret.
    1. Click the Edit icon.

    2. Click OK.

  5. Make a note of the values under Client ID and Client Secret. You will need to assign them to the client_id and client_secret parameters in the scm_config.yaml file.

  6. Click Save.

Configure a data input

  1. In Splunk Web, navigate to Apps → Sectigo Audit.

  2. Click Create new input.

  3. Complete the Add Sectigo Audit Config form.

    The following table describes the configuration fields required to set up the SCM Audit data source.

    Field          Description
    Name           A user-defined name for the config.
    Interval       The synchronization interval (minimum 5 seconds).
    Index          The Splunk index to save logs to.
    API URL        The URL of the SCM Audit API. The possible values are:
    Client ID      The client ID of the SCM user.
    Client Secret  The client secret of the SCM user.

  4. Click Add.

  5. Click Search.
