Splunk

Name: QuantaSeal
Brand: QuantaSeal
Price: 69 AUD

Monitoring

system_type: "splunk"

Forward QuantaSeal audit logs and security events to Splunk via HEC (HTTP Event Collector).

Overview#

QuantaSeal sends audit logs and security events to Splunk using the HTTP Event Collector (HEC) endpoint. HEC tokens are sealed in QuantaVault. Every vault operation, encryption event, and compliance check is automatically forwarded to your Splunk index.

Base URL: https://api.quantaseal.io/api/v2/proxy/outbound
Auth header: X-API-Key: qs_live_…

Prerequisites#

1A Splunk instance (Cloud or Enterprise)
2HTTP Event Collector (HEC) enabled with a token
3HEC endpoint URL

Configuration#

Follow these steps to connect Splunk to QuantaSeal. You can configure integrations via the Admin Console or directly via the API.

1
In Splunk, go to Settings → Data Inputs → HTTP Event Collector → New Token.
2
Enable indexer acknowledgement and set the source type to _json.
3
Copy the HEC token.
4
Seal: POST /api/v2/vault/seal with credential_type: api_key.
5
Create integration with system_type: splunk, config: {hec_url: 'https://splunk.example.com:8088'}.

Authentication Types#

Seal the HEC token as api_key. Include the full HEC endpoint URL in integration config.

API Key

All credential types are sealed in QuantaVault with ML-KEM-768 + AES-256-GCM and wrapped by your tenant AWS KMS CMK before storage. See the Vault API reference for the full list of credential types and seal/unseal endpoints.

Available Operations#

QuantaSeal enforces a default-deny operation policy. Only operations listed in your integration's allowed_operations array will be permitted. Add operations when creating or updating the integration.

Operation	Description
`send_event`	Send a structured event to Splunk HEC.
`send_batch`	Send a batch of audit log events.

Code Example#

Every proxy call returns a HybridCryptoEnvelope - the response is ML-KEM-768 key-encapsulated, AES-256-GCM encrypted, and signed with ML-DSA-65 + HMAC-SHA-512. Verify both signatures before trusting the decrypted payload.

bashCopy

curl -X POST https://api.quantaseal.io/api/v2/proxy/outbound \
  -H "X-API-Key: qs_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"integration_id":"int_SPLUNK001","operation":"send_event","payload":{"event":{"action":"vault.seal","tenant":"acme","credential_type":"oauth2_client"},"sourcetype":"quantaseal:audit","index":"security"}}'

Decrypt the response using the QuantaSeal SDK: client.encryption.decrypt(envelope). Both the ML-DSA-65 signature and the HMAC-SHA-512 signature must pass - QuantaSeal uses a bitwise & check, not short-circuit and.

Troubleshooting#

Invalid HEC token

HEC tokens can be disabled or deleted. Verify the token is enabled in Splunk Settings → Data Inputs → HTTP Event Collector.

Still stuck? Check the Security Events page in the Admin Console for detailed proxy error logs, or open a support ticket at quantaseal.io/support.

All Connectors API Reference

Overview#

Base URL: https://api.quantaseal.io/api/v2/proxy/outbound
Auth header: X-API-Key: qs_live_…

Configuration#

Follow these steps to connect Splunk to QuantaSeal. You can configure integrations via the Admin Console or directly via the API.

In Splunk, go to Settings → Data Inputs → HTTP Event Collector → New Token.

Enable indexer acknowledgement and set the source type to _json.

Copy the HEC token.

Seal: POST /api/v2/vault/seal with credential_type: api_key.

Create integration with system_type: splunk, config: {hec_url: 'https://splunk.example.com:8088'}.