Splunk

Usage

By connecting Splunk's robust data analysis capabilities with Netography's network insights, organizations gain real-time alerting, monitoring, and comprehensive views of their security landscape. This integration also streamlines workflows, aids in compliance reporting, and offers scalable solutions that adapt to evolving needs, thus providing a valuable tool for improving decision-making, security response, and overall efficiency.

Prerequisites

Before configuring the Splunk integration in Netography, you will need to create a new Token for the HTTP Event Collector. For more information, consult the HTTP Event Collector documentation for Splunk.

Netography Portal Steps

In Settings > Response Integrations, click Add Integration. Select Splunk

Configuration

The following fields are specific to the Splunk integration.

The webhook URL should point to the 'services/collector/raw' endpoint of the HTTP Event Collector, as described in [Splunk's Documentation] (https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector#Send_data_to_HTTP_Event_Collector).

Ensure that the HTTP Event Collector port can be reached from Netography's "integrations" IP address, which can be obtained from the Settings Overview page in the Netography Fusion portal.

Authentication

The following fields are necessary for the integration to authenticate using HTTP Basic Auth.

Additional post configuration

After the Splunk configuration is setup, you will need to configure a Response Policy in the Fusion portal.

Configure a Response Policy to Sent Events to Splunk

You can configure response policies in the portal by navigating to Response -> Response Policies -> Add Response Policy.