Archive
Highlighted

How to get ExtraHop ML security detections into Splunk?

Explorer

I would like to create a dashboard in Splunk on my ExtraHop ML security detections. How do I do this?

0 Karma
Highlighted

Re: How to get ExtraHop ML security detections into Splunk?

Explorer

I found the answer to my question. ExtraHop Reveal(x) can send data to Splunk as a SIEM Syslog target. You can create a ExtraHop ML Detection Trigger and send it to your Splunk target. You can configure a Syslog input and create an ExtraHop index on port 514. You can then create custom dashboards. I recommend using Splunk universal forwarder dedicated for your Syslog input. You can find more information and an example the ExtraHop forum.

ExtraHop Forum Articlehttp://bit.ly/2vDn5lB

ExtraHop Dashboard

View solution in original post

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.