
How to get ExtraHop ML security detections into Splunk?

Explorer

I would like to create a dashboard in Splunk on my ExtraHop ML security detections. How do I do this?

0 Karma

Re: How to get ExtraHop ML security detections into Splunk?

Explorer

I found the answer to my question. ExtraHop Reveal(x) can send data to Splunk as a SIEM Syslog target. You can create an ExtraHop ML Detection Trigger and send it to your Splunk target. You can configure a Syslog input and create an ExtraHop index on port 514. You can then create custom dashboards. I recommend using a Splunk universal forwarder dedicated to your Syslog input. You can find more information and an example on the ExtraHop forum.

ExtraHop Forum Article: http://bit.ly/2vDn5lB

ExtraHop Dashboard


0 Karma
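An added example, not part of the original post and not ExtraHop or Splunk code: since the answer above ships detections to Splunk over syslog, this JavaScript (the language ExtraHop triggers are written in) shows how a detection can be flattened into a single `key="value"` line that Splunk can split into fields for a dashboard. The detection object shape, the field names, and the sample values are assumptions constructed for illustration.

```javascript
// Added example. The detection object shape and all field names below are
// hypothetical; map them to whatever your trigger actually exposes.

// Syslog is line-oriented, and detection text can contain strings taken from
// network traffic. Collapse CR/LF/tab so one detection stays one event, and
// swap double quotes for single quotes so a value cannot end its own
// key="value" pair early and smuggle extra fields into the index.
function kvSanitize(value) {
  return String(value)
    .replace(/[\r\n\t]+/g, ' ')
    .replace(/"/g, "'");
}

// Build one key="value" line; empty or missing fields are omitted.
function formatDetection(det) {
  const fields = {
    vendor: 'ExtraHop',
    detection_id: det.id,
    title: det.title,
    risk_score: det.riskScore,
    categories: (det.categories || []).join(','),
    src: det.offender,
    dest: det.victim,
  };
  return Object.keys(fields)
    .filter((k) => fields[k] !== undefined && fields[k] !== null && fields[k] !== '')
    .map((k) => `${k}="${kvSanitize(fields[k])}"`)
    .join(' ');
}

// Constructed sample detection (not real data).
const sampleDetection = {
  id: 4211,
  title: 'Suspicious "SMB" activity\nsecond line',
  riskScore: 83,
  categories: ['sec', 'sec.lateral'],
  offender: '10.0.0.5',
  victim: '10.0.0.9',
};

// In a trigger, this string is what would be handed to the syslog send call.
console.log(formatDetection(sampleDetection));
```

On the Splunk side, the fields then appear by name at search time, so dashboard panels can chart on `risk_score` or `categories` without custom extractions.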