Description


MPmail Avanan offers an App for Splunk, publicly available in SplunkBase.

MPmail Avanan Splunk App pulls security events from MPmail Avanan to Splunk. The App allows our customers to consume MPmail Avanan security events on the same Splunk platform as other security solutions.



The App supports both Splunk Enterprise and Cloud.


Requirements


You will require an admin login to the tenant account in MPmail Avanan.

You will also need to obtain Client ID and Secret from Manage Protect Support in advance.


The Process


Login to the MPmail Avanan portal, and then log into the required tenant.

Click into Configuration, then Security Engines.

Select the "Send security events to Splunk" engine under "SIEM Integration".
Make sure to select "Upload to the Avanan Splunk App" in the configuration.


Go to SplunkBase and deploy the Avanan Splunk App: https://splunkbase.splunk.com/app/4880


Install the App.
Enter the app Set Up.
Enter Client ID and Client Secret.