This integration enables you to view network threat detections and behavioral insights from Reveal(x) 360 in Splunk.
- Log in to Reveal(x) 360.
- Click the System Settings icon and then click Integrations.
- Click the Splunk tile.
Click Create Credential.
The page displays the generated ID and secret.
- Copy and store the ID and secret, which you will need to configure the ExtraHop Add-On for Splunk.
- Click Done.
The credential is also added to the ExtraHop REST API Credentials page where you can view the credential status, copy the ID, or delete the credential.
- Download the ExtraHop Add-On for Splunk from the SplunkBase site.
- Install and configure the add-on according to the following documentation:
In the following configuration fields, enter the credentials
you created and copied for the Splunk integration:
- Client ID
- Client Secret
Next stepsExport Reveal(x) 360 detections and metrics and view them in Splunk according to the instructions in the ExtraHop Add-On for Splunk Details.