I would like to create a dashboard in Splunk on my ExtraHop ML security detections. How do I do this?
I found the answer to my question. ExtraHop Reveal(x) can send data to Splunk as a SIEM Syslog target. You can create a ExtraHop ML Detection Trigger and send it to your Splunk target. You can configure a Syslog input and create an ExtraHop index on port 514. You can then create custom dashboards. I recommend using Splunk universal forwarder dedicated for your Syslog input. You can find more information and an example the ExtraHop forum.
I found the answer to my question. ExtraHop Reveal(x) can send data to Splunk as a SIEM Syslog target. You can create a ExtraHop ML Detection Trigger and send it to your Splunk target. You can configure a Syslog input and create an ExtraHop index on port 514. You can then create custom dashboards. I recommend using Splunk universal forwarder dedicated for your Syslog input. You can find more information and an example the ExtraHop forum.