Splunk Integration
The Splunk integration allows Devici to send security-relevant events and data to a Splunk instance.
This enables teams to centralize threat modeling signals, platform activity, and security context alongside existing observability and SIEM data.
What the Splunk Integration Does
When enabled, the Splunk integration allows Devici to:
- Forward platform events to Splunk
- Centralize threat modeling–related signals
- Correlate Devici activity with logs and security telemetry
The Splunk integration operates independently of workflows.
Connecting Splunk to Devici
To send data from Devici to Splunk, you must configure the Splunk integration.
Prerequisites
Before connecting Splunk, ensure you have:
- Administrative access in Devici
- Access to the target Splunk instance
- A valid Splunk authentication token
Set Up the Splunk Integration
To connect Splunk to Devici:
- Open Settings in Devici.
- Navigate to App Integrations.
- Select Connect next to Splunk.
- Complete the integration form:
  - Host — Splunk host or endpoint
  - Port — Splunk port
  - Token — Splunk authentication token
  - CA Certificate (optional) — Custom certificate authority for TLS
- Select Save.
Once saved, Devici begins sending supported events to the configured Splunk instance.
Data Sent to Splunk
The Splunk integration sends structured event data generated by Devici.
This may include:
- Threat modeling activity
- Platform-level events
- Security-relevant signals
Event content and volume may vary based on platform configuration and usage.
Security Considerations
- Communication with Splunk occurs over the configured host and port
- Authentication is handled using the provided token
- A custom CA certificate can be supplied for environments with strict TLS requirements
Ensure that tokens and certificates are stored and rotated according to your organization’s security policies.