Zoom chat app for Splunk

Overview

The Zoom chat app for Splunk sends Splunk notifications to Zoom chat channels.

This guide covers:

  • Installation and Configuration
  • Using the Splunk chat app
  • Uninstalling the Splunk chat app

Prerequisites

  • Free or Paid Zoom Account
  • A verified Splunk account
  • Pre-approval of the Splunk chat app in the Zoom Marketplace

Note: If the app is not pre-approved, please contact your Zoom admin.

Installation and Configuration

Installing from Zoom Marketplace

  1. Log in to your Zoom account and navigate to the Zoom Marketplace.
  2. Search for Splunk and click on the app.
  3. If the app is not pre-approved, contact your Zoom admin to approve this app for your account.
  4. Click Install, confirm the app permissions and choose Authorize.
  5. You will see a success page, and the Zoom chat app for Splunk will be installed and available for all users in the Zoom account. The Splunk chat app will appear under the APPS section of the Zoom client.
  6. The next step is to authorize your Splunk account with Zoom.

Connect and configure the Splunk chat app

  1. After installing the Splunk app from the Zoom Marketplace, navigate to the 1:1 Splunk app channel in the Zoom chat client.
  2. Enter the connect command.
  3. The Splunk chat app will respond with a message containing a link to authenticate your account with Splunk.
  4. Click the link to Authorize to Splunk.
  5. Provide your Splunk User Name, Password, Host Name/IP and Management Port and click on Submit.
  6. On successful authorization, you will see a success web page. A Splunk admin can then issue the manage command to set up WebHooks. Once WebHooks are set up, any Zoom user can issue the configure command to get notifications in any channel.

Using the chat commands

help

Type help to receive a list of commands for the Splunk chat app.

Manage

Set up a WebHook by issuing the manage command, and click on the link.

On the resulting chat app setup web page, provide the same User Name and Password that you gave during account authentication. Then click on Submit.

After you click on Submit, follow the instructions on the chat app setup web page: copy the WebHook URL from the chat app setup web page to the Splunk alert setup page in the Splunk Enterprise account and save it.

Configure

Issue the configure command to configure Splunk notifications to Zoom chat channels.

Click on the link to bring up the chat app notification config web page.

Once you have configured the Zoom chat channels, those channels will receive notifications. As an example, when a search happens in a Security log in the Splunk Enterprise app, you will see the Security notification message.

[Screenshots: Security Notification, Sales Notification, All Notifications]

Instant meetings

Issue the meet command to create an instant Zoom meeting, and get a Zoom meeting join link.

The meeting will appear in the list of scheduled meetings under the Meetings tab of your Zoom Client.

Removing the Splunk chat app

  1. Log in to your Zoom account and navigate to the Zoom Marketplace.
  2. Search for Splunk and click the app or navigate to your installed apps via Manage > Installed Apps.
  3. Click Uninstall next to Splunk.
  4. Confirm the dialogue and click Uninstall.

For additional help or technical support, please submit a ticket.

Data Security

  • This app has access to the following information on Zoom:
    • View channels subscribed to by a Zoom user under the Zoom account.
    • View existing meeting details for a Zoom user under the Zoom account.
    • View all information of a Zoom user under the Zoom account.
  • This app has access to the following information on Splunk:
  • This chat app has the following permissions on Zoom:
    • Send a chat message to an IM channel or Zoom user under the Zoom account.
    • Create a Zoom meeting on behalf of any Zoom user under the Zoom account.
  • Communications between this chat app and Zoom/Splunk are encrypted:
    • Protocol: TLS 1.2
    • Cipher suite: ECDHE-ECDSA-AES128-GCM-SHA256
    • Key length: 128 bits
    • Perfect Forward Secrecy: YES
  • This chat app stores access credentials in the local data store:
    • Splunk and Zoom OAuth credentials (admin-level and user-level) are stored in an encrypted database.
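
To check the transport parameters listed above against an endpoint you are validating, the following added example (not part of the original guide or of the Zoom or Splunk products) compares what a TLS handshake negotiates with the protocol, cipher suite and key length stated on this page. The function names and the host passed to probe are assumptions.

```python
import socket
import ssl

# Values stated in the Data Security section of this page.
EXPECTED_PROTOCOL = "TLSv1.2"
EXPECTED_SUITE = "ECDHE-ECDSA-AES128-GCM-SHA256"
EXPECTED_BITS = 128


def pinned_context():
    """Client context that can only negotiate the documented parameters."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(EXPECTED_SUITE)  # raises ssl.SSLError if the suite is unknown
    return ctx


def check_negotiated(cipher):
    """Compare an SSLSocket.cipher() tuple (name, protocol, bits) with the page.

    Returns a list of mismatch descriptions; an empty list means it matches.
    """
    name, protocol, bits = cipher
    problems = []
    if protocol != EXPECTED_PROTOCOL:
        problems.append(f"protocol {protocol}, expected {EXPECTED_PROTOCOL}")
    if name != EXPECTED_SUITE:
        problems.append(f"cipher suite {name}, expected {EXPECTED_SUITE}")
    if bits != EXPECTED_BITS:
        problems.append(f"key length {bits} bits, expected {EXPECTED_BITS}")
    # In TLS 1.2, forward secrecy depends on an ephemeral (EC)DHE key exchange.
    if protocol == "TLSv1.2" and not name.startswith(("ECDHE-", "DHE-")):
        problems.append("key exchange is not ephemeral (no forward secrecy)")
    return problems


def probe(host, port=443, pinned=False, timeout=5.0):
    """Handshake with host and return the mismatches against this page.

    pinned=False reports what the server picks for a default client;
    pinned=True offers only the documented parameters, so the handshake
    raises ssl.SSLError if the server does not accept them.
    """
    ctx = pinned_context() if pinned else ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return check_negotiated(tls.cipher())
```

A server that also offers TLS 1.3 will show a protocol mismatch with pinned=False while still passing with pinned=True.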