Download PDF

View Table of Contents

Product Requirements

RevealX 360 only

Thank you! We will contact you soon to ask how we can improve our documentation. We appreciate your feedback.

Was this topic helpful?

Yes No

Thank you for your feedback. Can we contact you to ask follow up questions?

How can we improve?

Need more help?

Ask the Community

Integrate RevealX 360 with Splunk SOAR

This integration enables you to export network threat detections, metrics, and packet data from RevealX 360 into Splunk SOAR.

To configure this integration, you must create Splunk SOAR credentials and then add those credentials when you configure the ExtraHop App for Splunk SOAR.

System requirements

ExtraHop RevealX 360

Your user account must have privileges on RevealX 360 for System and Access Administration.
Your RevealX 360 system must be connected to an ExtraHop sensor with firmware version 9.0 or later.
Your RevealX 360 system must be connected to ExtraHop Cloud Services.

Splunk

You must have Splunk SOAR version 5.3 or later.

Create Splunk SOAR integration credentials

Log in to RevealX 360.
Click the System Settings icon and then click Integrations.
Click the Splunk SOAR tile.
Click Create Credential.
The page displays the generated ID and secret.
(Optional): If you have already created a credential for REST API access, you can apply it to the integration. Click Select Existing Credential, select a credential from the drop-down list and then click Select.
Copy and store the ID and secret, which you will need to configure the ExtraHop Add-On for Splunk.
Click Done.

The credential is also added to the ExtraHop REST API Credentials page where you can view the credential status, copy the ID, or delete the credential.

Next steps

Install and configure the ExtraHop App for Splunk SOAR.

Install and configure the ExtraHop App for Splunk SOAR

Download and install the ExtraHop App for Splunk SOAR from the Splunkbase site according to the Splunk Add-Ons and Apps documentation.
From the installed app, click Configure New Asset.
From the Type of Asset drop-down list, select RevealX 360.
In the following configuration fields, enter the credentials you created and copied for the Splunk SOAR integration:
- Client ID
- Client Secret
Click the Documentation link on the asset configuration page and complete the configuration of the ExtraHop App for Splunk SOAR according to the documentation.

Next steps

Export RevealX 360 detections, metrics, and packets to Splunk SOAR and initiate actions such as getting device information or tagging a device by following the configuration documentation.

Last modified 2024-05-15

Documentation

Products

Differentiation

Solutions

Security Operations

Cloud-Native Security

Application Analytics

Network Performance

Customers

Community

Partners

Support

Training

Resources

More Resources

Company

Events and Information