Usage

By connecting Splunk's robust data analysis capabilities with Netography's network insights, organizations gain real-time alerting, monitoring, and comprehensive views of their security landscape. This integration also streamlines workflows, aids in compliance reporting, and offers scalable solutions that adapt to evolving needs, thus providing a valuable tool for improving decision-making, security response, and overall efficiency.

Prerequisites

Before configuring the Splunk integration in Netography, you will need to have your webhook URL configured from Splunk. For more information, consult the Webhook configuration for Splunk.

Netography Portal Steps

Navigate to Integrations (make sure you are on the Response tab) and click "Add Integration", then select Splunk.

Configuration

The following fields are specific to the Splunk integration.

| Field | Required | Description | Example |
| --- | --- | --- | --- |
| URL | yes | The webhook URL from Splunk | https://splunkhec.example.com:8088/services/collector/raw?token=<exampletokenvalue> |
| Skip SSL Verification | no | If checked, the server certificate will not be validated against the available certificate authorities. | |
| Headers | no | Comma separated list of header: value pairs | X-Netography: Webhook |

After your configuration is submitted, the Splunk integration will be treated as a standard webhook integration in the Fusion portal.

Authentication

The following fields are necessary for the integration to authenticate using HTTP Basic Auth.

| Field | Required | Description |
| --- | --- | --- |
| Username | no | HTTP Basic Auth ID |
| Password | no | HTTP Basic Auth password |
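
A check to run over the Configuration and Authentication field values before submitting them, as an added example that is not Netography's or Splunk's code: it parses the Headers field, masks the token in the webhook URL so the URL can be logged, and flags settings that weaken transport security. The function names and finding messages are assumptions made for this illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def parse_headers(raw):
    """Parse the Headers field: comma separated 'header: value' pairs."""
    headers = {}
    for pair in filter(None, (p.strip() for p in raw.split(","))):
        name, sep, value = pair.partition(":")  # split on the first colon only
        if not sep or not name.strip():
            raise ValueError(f"not a 'header: value' pair: {pair!r}")
        headers[name.strip()] = value.strip()
    return headers


def redact_url(url):
    """Mask the token query parameter so the URL can be logged or shared."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() == "token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def review(url, skip_ssl_verification=False, headers="", username="", password=""):
    """Return findings (hypothetical wording) for one set of field values."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("URL is not https: token and events are sent in cleartext")
    if skip_ssl_verification:
        findings.append("Skip SSL Verification: server certificate is not validated")
    if bool(username) != bool(password):
        findings.append("Basic Auth: set both Username and Password, or neither")
    try:
        parse_headers(headers)
    except ValueError as exc:
        findings.append(f"Headers: {exc}")
    return findings


if __name__ == "__main__":
    # Constructed sample values; the host is the example from the table above.
    url = "http://splunkhec.example.com:8088/services/collector/raw?token=sample"
    print(redact_url(url))
    for finding in review(url, skip_ssl_verification=True, headers="X-Netography"):
        print("-", finding)
```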

Additional post configuration

After the Splunk configuration is set up, you will need to configure a Response Policy in the Fusion portal and a custom Logparser in Splunk.

Configure a Response Policy to Send Events to Splunk

You can configure response policies in the portal by navigating to Response -> Response Policies -> Add Response Policy.

Configure Splunk Custom Logparser

To configure the custom Logparser from Splunk, follow the Logparser guide.

To get logs from the Fusion Portal to use for the Logparser, go to Search -> Events, select an event, view the raw record from the properties tray, select the JSON tab, and click the top-level clipboard icon.