This integration enables you to export network threat detections, metrics, and packet data from Reveal(x) 360 into Splunk SOAR.
- Log in to Reveal(x) 360.
- Click the System Settings icon and then click Integrations.
- Click the Splunk SOAR tile.
- Click Create Credential.
The page displays the generated ID and secret.
- Copy and store the ID and secret, which you will need to configure the ExtraHop Add-On for Splunk.
- Click Done.
The credential is also added to the ExtraHop REST API Credentials page where you can view the credential status, copy the ID, or delete the credential.
- Download the ExtraHop App for Splunk SOAR from the SplunkBase site.
- Install and configure the add-on according to the following documentation:
In the following configuration fields, enter the credentials you created and copied for the Splunk SOAR
- Client ID
- Client Secret
Next steps
Export Reveal(x) 360 detections, metrics, and packets to Splunk SOAR and initiate actions such as getting device information or tagging a device according to the instructions in the ExtraHop App for Splunk SOAR.