Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to get ExtraHop ML security detections into Splunk?

canalesjac
Path Finder
‎02-18-2020 04:40 PM

I would like to create a dashboard in Splunk on my ExtraHop ML security detections. How do I do this?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

canalesjac
Path Finder
‎02-18-2020 10:43 PM

I found the answer to my question. ExtraHop Reveal(x) can send data to Splunk as a SIEM Syslog target. You can create a ExtraHop ML Detection Trigger and send it to your Splunk target. You can configure a Syslog input and create an ExtraHop index on port 514. You can then create custom dashboards. I recommend using Splunk universal forwarder dedicated for your Syslog input. You can find more information and an example the ExtraHop forum.

ExtraHop Forum Articlehttp://bit.ly/2vDn5lB

ExtraHop Dashboard

View solution in original post

Preview file
298 KB
0 Karma
Reply
Solved! Jump to solution
Solution

canalesjac
Path Finder
‎02-18-2020 10:43 PM

I found the answer to my question. ExtraHop Reveal(x) can send data to Splunk as a SIEM Syslog target. You can create a ExtraHop ML Detection Trigger and send it to your Splunk target. You can configure a Syslog input and create an ExtraHop index on port 514. You can then create custom dashboards. I recommend using Splunk universal forwarder dedicated for your Syslog input. You can find more information and an example the ExtraHop forum.

ExtraHop Forum Articlehttp://bit.ly/2vDn5lB

ExtraHop Dashboard

Preview file
298 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Almost Too Eventful Assurance: Part 1

Modern IT and Network teams still struggle with too many alerts and isolating issues before they are notified. ...

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...