Integrate Reveal(x) Enterprise with Splunk
This integration enables you to view network threat detections and behavioral insights from Reveal(x) Enterprise into Splunk.
Before you can configure this integration, you must generate an ExtraHop REST API key and then add the key when you configure the ExtraHop Add-on for Splunk.
System requirements
ExtraHop Reveal(x) Enterprise
- Your user account must have full write privileges or higher on Reveal(x) Enterprise.
- Your Reveal(x) Enterprise system must be connected to an ExtraHop sensor with firmware version 8.8 or later.
- Your Reveal(x) Enterprise system must be connected to ExtraHop Cloud Services.
- Your Reveal(x) Enterprise system must be configured to allow REST API key generation.
Generate a REST API key
You must generate an ExtraHop API key before you can configure the ExtraHop Add-on for Splunk. The API key enables you to gain access to the integration and perform operations from Splunk.
- Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
- Click the User icon at the top right corner of the page, and then click API Access.
- In the Generate an API Key section, type a description for the new key, and then click Generate.
- Scroll down to the API Keys section and copy the API key that matches your description.
Install and configure the ExtraHop Add-on for Splunk
- Download and install the ExtraHop Add-on for Splunk from the SplunkBase site according to the Splunk Add-Ons and Apps documentation.
- From the installed app, click Configuration, and then click Add from the Account tab.
- Type a unique Account Name.
- From the Instance Type drop-down list, select On Prem Instance.
- Type the Hostname of the Reveal(x) Enterprise system that this account will connect to.
- Enter the key that you generated from your Reveal(x) Enterprise system in the API Key field.
- Complete the configuration of the account according to the ExtraHop Add-on for Splunk documentation available from the Details tab on the download page.
Thank you for your feedback. Can we contact you to ask follow up questions?