Avanan Email Protection

Configuring an integration to Avanan Email Protection

See Splunk HEC Plugin configuration on the Fluency Interface.

Configure in Fluency

Because the Application (shortname) field becomes part of the data JSON record, it is suggested to use the following value for this product:

Application (shortname)

    avanan

Select the HEC integration endpoint from the list on the right side of the page, in the Event Collectors section. Choose the gear icon to view/configure the connector.

On the following page, the Token and Webhook URL are displayed.

Configure in Avanan

To configure SIEM integration from the Avanan Portal:

  1. Go to Config > Security Engines > SIEM Integration.

  2. Under SIEM Integration click Configure.

  3. Select Splunk HTTP Event Collector (HEC) as the Transport method.

    1. Use the Webhook URL obtained from Fluency for the HTTP Event Collector Host/URI.
    2. Use the Token obtained from Fluency for the HTTP Event Collector Token.
    3. The Indexer acknowledgment and Splunk Index options can be ignored.
  4. Select the required Log Format.

    1. JSON is preferred
  5. Click Save.

See the vendor's documentation for Splunk for more details.
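
Before saving the values in Avanan, the Token and Webhook URL shown in Fluency can be checked with a single test event. The script below is an added example, not part of Fluency's or Avanan's documentation; it assumes the Fluency endpoint accepts the standard Splunk HEC request format (`Authorization: Splunk <token>` header and a JSON body with an `event` key), and the environment variable names and the test event are constructed for illustration.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def build_hec_request(webhook_url, token, event):
    """Build a Splunk-HEC-style POST, refusing settings that would expose the token."""
    url = webhook_url.strip()
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("Webhook URL must be a full https:// URL")
    token = token.strip()
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("Token is empty or contains whitespace")
    return urllib.request.Request(
        url,
        data=json.dumps({"event": event}).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": "Splunk " + token,  # standard HEC auth scheme (assumed accepted)
            "Content-Type": "application/json",
        },
    )


def send_test_event(webhook_url, token, timeout=10):
    """Send one constructed event and return (HTTP status, response body)."""
    event = {"message": "constructed HEC connectivity test"}
    req = build_hec_request(webhook_url, token, event)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # Non-2xx: the endpoint answered but rejected the request (e.g. bad token).
        return err.code, err.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # Hypothetical variable names; reading from the environment keeps the
    # token out of command-line arguments.
    status, body = send_test_event(
        os.environ["FLUENCY_HEC_URL"], os.environ["FLUENCY_HEC_TOKEN"]
    )
    print("HTTP", status, body[:200])
```

A 2xx status indicates the endpoint accepted the event; the test event should then be searchable in Fluency before Avanan is pointed at the same URL and Token.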

Page last updated: 2023 Oct 26