Splunk CloudSOC SIEM Agent does not gather Audit Data
search cancel

Splunk CloudSOC SIEM Agent does not gather Audit Data


Article ID: 173279


Updated On:


CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced


Configured SIEM agent.
Detect and Investigate data is collected properly. 
No Audit data is collected.


SIEM agent only collects Detect and Investigate data.
It does not gather Audit data by design.


The SIEM agent does not collect and retrieve data from the Audit.

Please work with your Sales Engineer to enter a feature request.

If you still want to export Audit data, please follow these steps as an alternative: 

  1. Log on to CloudSOC.
  2. Navigate to the CloudSOC Techdocs page.
  3. Click the 'CloudSOC API' option.
  4. Locate the 'Audit API' tech doc.
  5. Follow the directions as outlined.

Additional Information

Cloudsoc Audit API's 

API Authentication & Setup