Hello Fred,
CA Top Secret (TSS) does not have the ability to send violation messages directly to Splunk out of the box, but using CA Compliance Event Manager (CEM), you can.
CA CEM has comprehensive policy capabilities related to sending security events to Splunk in Syslog or other formats.
Some event types that can be sent to Splunk are Sign on success/violations (VERIFY), Object access success/violations (AUTH), Admin success/violations (TSS commands), etc.
For a complete list of the events and filtering capabilities of CA CEM, please see docops.ca.com and, in the ‘Select a product list’ drop-down, select CA Compliance Event Manager.
I believe your site already licenses CA CEM. If you have any follow-up questions, I’d be happy to set up a conference call to review.
Also, there is a CA Partner Portal that identifies other 3rd-party software options that augment the capabilities provided by CA TSS and CA CEM.
Thank you,
Mitchell Rozonkiewiecz
Sr Principal Architect
CA Compliance Event Manager