Splunk integration is available for organizations with Password Management or Credential Protection.
With our Splunk integration, you can track how your team members use Dashlane. When you turn on Splunk integration for your team, we send your Activity Logs automatically to Splunk.
Splunk is a security information and event management (SIEM) tool that allows you to monitor team activity in real time. You can search and filter events like added devices, login sharing, and invitations to your Dashlane plan. You can also set up alerts for specific events, like when someone shares a login across teams or with someone outside the organization.
Set up Splunk integration for your team
- Log in to your Splunk Enterprise account.
- Create an HTTP Event Collector in Splunk
- Open the Admin Console in Dashlane. Select Integrations and then Events Reporting.
-
Enter your Splunk instance URL. Generally, your instance URL will be either:
https://{your_domain}:8088/services/collector/event/1.0or, for Splunk Cloud:
https://{your_domain}.splunkcloud.com:8088/services/collector/event/1.0 - Enter the HTTP Event Collector token in the field Splunk instance Token.
-
Before saving, we recommend selecting the Enable OCSF mapping for Splunk beta option to immediately standardize logs in Splunk, without having to manually map fields.
-
- Select Save tokens. If you already have a token saved, you can modify the token or URL and select Update tokens.
-
Turn on Activate Splunk Integrations. Events in your Activity Log will appear in Splunk after five minutes.
Tip: If you see an error message that says “server busy” when using Splunk, clear the Use Deployment Server checkbox in your Splunk Enterprise settings.
More about HTTP event collector settings
After setting up your integration, you can use Splunk to track the events listed in the Activity Log in your Dashlane Admin Console.
Note: Your Splunk integration won't log any previous events. Only new events will be tracked after the setup.
Use Activity Logs to track team activity
Important: If you've completed the integration and still can't see events from your Activity Log in Splunk, add the following IP addresses to your allow list in Splunk Web: 34.240.215.133/32, 34.253.34.91/32, 52.210.105.173/32.
Configure IP allow lists using Splunk Web
Beta: OCSF (Open Cybersecurity Schema Framework) export format
OCSF (Open Cybersecurity Schema Framework) is an open-source standard designed to provide a common language for security events. It creates a unified structure that allows different security tools to share data without the need for custom, proprietary mapping.
Mapping Dashlane logs to this standard before sending them to Splunk offers several key advantages for security teams:
- Without OCSF, Dashlane currently sends raw, unformatted event data, often requiring admins to spend hours developing custom parsers to process it.
- Standardized OCSF data allows security tools to ingest and analyze Dashlane logs immediately. This accelerates an organization's ability to build custom rules, reports, and dashboards in its security environment.
- OCSF allows a significantly faster setup to subsequent security tools integrations.
- Standardizing log formats prepares security data for emerging AI-driven "agentic" workflows. By using OCSF, Dashlane logs can be easily accessed by AI security assistants.
For more information on tracking events in Splunk, check out Splunk’s documentation website.
If you have any issues with this process, please contact our Support team through the Admin Console.