This integration enables you to export network threat detections, metrics, and packet data from Reveal(x) 360 into Splunk SOAR.
- Log in to Reveal(x) 360.
- Click the System Settings icon and then click Integrations.
- Click the Splunk SOAR tile.
- Click Create Credential.
The page displays the generated ID and secret.
- Copy and store the ID and secret, which you will need to configure the ExtraHop Add-On for Splunk.
- Click Done.
The credential is also added to the ExtraHop REST API Credentials page where you can view the credential status, copy the ID, or delete the credential.
- Download and install the ExtraHop App for Splunk SOAR from the Splunkbase site according to the Splunk Add-Ons and Apps documentation.
- From the installed app, click Configure New Asset.
- From the Type of Asset drop-down list, select Reveal(x) 360.
- In the following configuration fields, enter the credentials you created and copied for Splunk SOAR:
  - Client ID
  - Client Secret
- Click the Documentation link on the asset configuration page and complete the configuration of the ExtraHop App for Splunk SOAR according to the documentation.
Next steps

Export Reveal(x) 360 detections, metrics, and packets to Splunk SOAR and initiate actions such as getting device information or tagging a device by following the configuration documentation.