Integrate Reveal(x) 360 with Splunk SOAR

This integration enables you to export network threat detections, metrics, and packet data from Reveal(x) 360 into Splunk SOAR.

To configure this integration, you must create Splunk SOAR credentials and then add those credentials when you configure the ExtraHop App for Splunk SOAR.

System requirements

ExtraHop Reveal(x) 360

  • Your user account must have privileges on Reveal(x) 360 for System and Access Administration.
  • Your Reveal(x) 360 system must be connected to an ExtraHop sensor with firmware version 9.0 or later.
  • Your Reveal(x) 360 system must be connected to ExtraHop Cloud Services.

Splunk

  • You must have Splunk SOAR version 5.3 or later.

Create Splunk SOAR integration credentials

  1. Log in to Reveal(x) 360.
  2. Click the System Settings icon and then click Integrations.
  3. Click the Splunk SOAR tile.
  4. Click Create Credential.
    The page displays the generated ID and secret.
  5. Copy and store the ID and secret, which you will need to configure the ExtraHop Add-On for Splunk.
  6. Click Done.
The credential is also added to the ExtraHop REST API Credentials page where you can view the credential status, copy the ID, or delete the credential.

Install and configure the ExtraHop App for Splunk SOAR

  1. Download and install the ExtraHop App for Splunk SOAR from the Splunkbase site according to the Splunk Add-Ons and Apps documentation.
  2. From the installed app, click Configure New Asset.
  3. From the Type of Asset drop-down list, select Reveal(x) 360.
  4. In the following configuration fields, enter the credentials you created and copied for the Splunk SOAR integration:
    • Client ID
    • Client Secret
  5. Click the Documentation link on the asset configuration page and complete the configuration of the ExtraHop App for Splunk SOAR according to the documentation.

Next steps

Export Reveal(x) 360 detections, metrics, and packets to Splunk SOAR and initiate actions such as getting device information or tagging a device by following the configuration documentation.
Last modified 2023-11-07