Integrate RevealX 360 with Splunk Enterprise Security SIEM
This integration enables the Splunk Enterprise Security SIEM to export device and detection data from the ExtraHop system through detection notification rules. You can view exported data in the SIEM to gain insight into how your devices are communicating in your environment and to view network threat detections.
This integration requires you to complete two tasks. An ExtraHop administrator must configure the connection between the SIEM and the ExtraHop system. After the connection is established, you can create detection notification rules that will send webhook data to the SIEM.
The detection notification rules associated with this integration are available from the integration configuration page as well from the Notification Rules table that you can access from System Settings.
Before you begin
You must meet the following system requirements:
- ExtraHop RevealX 360
- Your user account must have privileges on RevealX 360 for System and Access Administration.
- Your RevealX 360 system must be connected to an ExtraHop sensor with firmware version 9.8 or later.
- Your RevealX 360 system must be connected to ExtraHop Cloud Services.
- Splunk
- You must have Splunk Enterprise Security version 8.2 or later
- You must configure a Splunk Enterprise Security HEC connector for data ingest.
- Your SIEM must be able to receive webhook data. You can add static source IP addresses to your security controls to allow requests from RevealX 360.
Create a detection notification rule for a SIEM integration
Before you begin
- Your user account must have NDR module access to create security detection notification rules.
- Your user account must have NPM module access to create performance detection notification rules.
- You can also create detection notification rules from System Settings. For more information, see Create a detection notification rule.
Next steps
- Navigate back to the integration configuration page to check that your rule has been created and added to the table.
- Click Edit to modify or delete a rule.
Thank you for your feedback. Can we contact you to ask follow up questions?