Hello Splunkers,
I'm posting this answer here because of the lack of documentation from the Splunk side on getting FireEye data using the HEC method.
Step 1 - Generate an HEC token on your Splunk side in the normal way and select the index, sourcetype, etc.
Step 2 - Go to the FireEye console and use the settings below to update:
a. Under Appliance Settings > Notifications > HTTP, configure a new HTTP Server as follows:
URL: https://
Auth: True
Username: x
Password: Splunk token generated in Step 1
SSL Enable: True
Test the Integration
Run a test on an endpoint that would trigger an XPLT, EXC or PRS alert
Alternatively, you can also test with the following curl command:
curl -k -u "x:" https://10.xx.250.12:8088/services/collector/raw -d '{"event":"Basic Auth!"}'
I hope this answer will help other Splunkers with FireEye data issues through the HEC method.
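
The Basic-auth arrangement from the steps above (username x, HEC token as the password, POST to the raw collector endpoint), as an added example that is not part of the original post. It shows that the token is only base64-encoded in the header, so it sends with certificate verification on rather than with curl's -k; the host name, token value, CA file path and function names are constructed for illustration.

```python
import base64
import ssl
import urllib.request

# Constructed sample values, not taken from the original post.
SAMPLE_URL = "https://splunk.example.internal:8088"
SAMPLE_TOKEN = "00000000-0000-0000-0000-000000000000"


def basic_auth_header(token, username="x"):
    """HEC ignores the username; the token is carried as the password."""
    raw = f"{username}:{token}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def token_from_header(header):
    """Recover the token as any on-path reader could: base64 is not encryption."""
    scheme, _, value = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic auth header")
    _, _, token = base64.b64decode(value).decode().partition(":")
    return token


def build_raw_request(base_url, token, body):
    """Build the POST to the raw collector endpoint used in the curl test."""
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send the HEC token over plain HTTP")
    req = urllib.request.Request(
        base_url.rstrip("/") + "/services/collector/raw",
        data=body.encode(),
        method="POST",
    )
    req.add_header("Authorization", basic_auth_header(token))
    return req


def send(req, ca_file):
    """Send with certificate verification on; ca_file is a hypothetical CA bundle path."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status, resp.read().decode()


if __name__ == "__main__":
    req = build_raw_request(SAMPLE_URL, SAMPLE_TOKEN, '{"event":"Basic Auth!"}')
    print(req.full_url)
    print(req.get_header("Authorization"))
```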