Solved: Re: How to get ExtraHop ML security detections int...

canalesjac · ‎02-18-2020

I would like to create a dashboard in Splunk on my ExtraHop ML security detections. How do I do this?

canalesjac · ‎02-18-2020

I found the answer to my question. ExtraHop Reveal(x) can send data to Splunk as a SIEM Syslog target. You can create a ExtraHop ML Detection Trigger and send it to your Splunk target. You can configure a Syslog input and create an ExtraHop index on port 514. You can then create custom dashboards. I recommend using Splunk universal forwarder dedicated for your Syslog input. You can find more information and an example the ExtraHop forum.

http://bit.ly/2vDn5lB

View solution in original post

canalesjac · ‎02-18-2020

I found the answer to my question. ExtraHop Reveal(x) can send data to Splunk as a SIEM Syslog target. You can create a ExtraHop ML Detection Trigger and send it to your Splunk target. You can configure a Syslog input and create an ExtraHop index on port 514. You can then create custom dashboards. I recommend using Splunk universal forwarder dedicated for your Syslog input. You can find more information and an example the ExtraHop forum.

http://bit.ly/2vDn5lB

How to get ExtraHop ML security detections into Splunk?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor