Power Up Your Reporting with Splunk & LastPass Enterprise

We’re living in a data-driven world. Whether it’s login activity in Active Directory, password changes in LastPass, or event logs from one of your many cloud apps, you have a ton of data at your fingertips, but it can be a challenge to manage it all, let alone take the time to make sense of it. But as an IT or business lead, you need that data to help identity problems and inform future decisions, especially when it comes to security and access controls.

Splunk is a reporting tool that helps you gain key insights into what’s happening in your organization, and LastPass Enterprise now offers an integration with Splunk Cloud where you can leverage their advanced reporting for all of your LastPass data. LastPass already offers reporting on user, admin, shared folder, and notification activity, but the Splunk Cloud integration allows you to take a deeper dive into that data for greater insight into what’s happening within your organization.

With the Splunk Cloud integration in LastPass Enterprise it’s even easier for your IT team to collect data and manage reports in one central location — your Splunk Cloud instance — and you’re able to take advantage of a resource you already have in your toolset.

How It Works

All available log messages in the Enterprise dashboard, such as login activity, password changes, and form fill attempts, will be passed to a Splunk Cloud instance, where you can then create custom reports using that data. This allows you to use the advanced functionality of Splunk Cloud to access and report on your LastPass Enterprise activity. To take advantage of this integration, you need a running Splunk Cloud instance with a configured Data Input as HTTP Event Collector.

1)      Create Splunk instance – If your company isn’t currently using Splunk, you can simply start a trial. Be sure to select one of their cloud-based services (Splunk Light. or Splunk Cloud)Once you have an account or are logged in to your existing Splunk account, you’ll want to create a Splunk instance for the data you’ll be sending over from LastPass Enterprise. You can create a new instance from your customer portal, as well as give users access to that instance and more.

2)      Set up HTTP event collector – Within that instance, you can now set up the data inputs that will be sent from LastPass. For example, you’ll be able to send to Splunk all types of event logs, including user event, shared folder, admin and notification event logs. To do so, you’ll need to configure an HTTP Event Collector which authenticates the access using tokens. Within your LastPass instance in Splunk, follow the steps to create the HTTP event collector and generate the token and destination URL.

3)      Bind Splunk to LastPass – Once you have the token and URL, go back to your admin dashboard in LastPass. From the left-hand menu, click Advanced Options and select Enterprise Options. Then click “Splunk Integration” on the next screen, and add the token and URL in the designated fields. Click Update and the data integration will begin; it will take no more than 24 hours to complete, and it’s likely it will take much less time.

splunk-integration4)     Receive Raw Data – When the raw data is received into your Splunk instance from LastPass, you’ll see the event logs loaded into the LastPass instance in Splunk. Using that data, you can create and define new reports using the complete functionality of Splunk that you’re already using for your corporate data.


Using Data to Stay Secure

With integrations like Splunk, we’re helping data-driven companies be more efficient with data collection and allowing them to leverage their existing resources. Most importantly, it gives them more valuable insights into what employees are doing that helps users like you better protect company data and processes. We’ll continue to look for new integrations and management capabilities to help businesses monitor and manage the security and productivity of their org.

Whether you have a Splunk instance already or want to start a free trial, explore the new Splunk integration with LastPass Enterprise so you can better manage your company’s security and easily share that information with stakeholders. Learn more about reporting in LastPass Enterprise in the admin manual.