Tracks Logins and Signups with Splunk HEC
What does it do?
This rule will send a
Login events to Splunk's HTTP Event Collector, including some contextual information of the user: the application the user is signing in, client IP address, username, etc.
We use a persistent property
SignedUp to track whether this is the first login or subsequent ones.
Events will show up on the Splunk console shortly after user access:
In order to use this rule, you need to enable HTTP Event Collector (HEC) on your Splunk instance and get an HEC token. You can learn more how to do this here
Below is a screenshot showing an SingUp event sent to Splunk Cloud.
How do I use it?
Just create a new rule in the Auth0 dashboard, and copy the following code replacing the placeholders with the appropriate values.
What is Rule-Based Authentication?
Rules can be used to enrich and transform the user profile, deny access to specific users under certain conditions, retrieve information from external services and much more. For more information about rules, please check the documentation