Splunk Integration
The Splunk Integration (v1.1) enables users to connect ExtraHop Reveal(x) to a Splunk SIEM through the Splunk HEC. With this integration, users can send ExtraHop data to Splunk and track transactions.
Splunk Integration (v1.1)
Description
This integration enables you to connect ExtraHop Reveal(x) to your Splunk SIEM using the Splunk HEC (HTTP Event Collector). The Splunk Integration provides triggers that collect alerts, detections, DNS responses, and file share activity, as well as a no-friction, drop-in trigger function for sending anything from your own triggers to Splunk. The bundle also includes a dashboard that breaks down transactions and data volume and tracks the health of the integration.
Requirements
You must have:
- An ExtraHop Discover or Command appliance running version 8.0 or later, and a user account with Unlimited privileges
- Access to Splunk
Contents
- 1x Dashboard
  - Splunk Events
- 5x Triggers
  - Splunk: Connector
  - Splunk: Alerts
  - Splunk: CIFS Access
  - Splunk: DNS Host Queries
  - Splunk: Detections