Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to get ExtraHop ML security detections into Splunk?

canalesjac
Path Finder
‎02-18-2020 04:40 PM

I would like to create a dashboard in Splunk on my ExtraHop ML security detections. How do I do this?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

canalesjac
Path Finder
‎02-18-2020 10:43 PM

I found the answer to my question. ExtraHop Reveal(x) can send data to Splunk as a SIEM Syslog target. You can create a ExtraHop ML Detection Trigger and send it to your Splunk target. You can configure a Syslog input and create an ExtraHop index on port 514. You can then create custom dashboards. I recommend using Splunk universal forwarder dedicated for your Syslog input. You can find more information and an example the ExtraHop forum.

ExtraHop Forum Articlehttp://bit.ly/2vDn5lB

ExtraHop Dashboard

View solution in original post

Preview file
298 KB
0 Karma
Reply
Solved! Jump to solution
Solution

canalesjac
Path Finder
‎02-18-2020 10:43 PM

I found the answer to my question. ExtraHop Reveal(x) can send data to Splunk as a SIEM Syslog target. You can create a ExtraHop ML Detection Trigger and send it to your Splunk target. You can configure a Syslog input and create an ExtraHop index on port 514. You can then create custom dashboards. I recommend using Splunk universal forwarder dedicated for your Syslog input. You can find more information and an example the ExtraHop forum.

ExtraHop Forum Articlehttp://bit.ly/2vDn5lB

ExtraHop Dashboard

Preview file
298 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...