Select Page

Splunk

Welcome Forums Integrations Splunk

Viewing 1 post (of 1 total)
  • Author
    Posts
  • July 2, 2018 at 7:31 pm #1645
    Mike RiforgiateMike Riforgiate
    Keymaster

    PRECINCT CONFIGURATION

    • Go to Admin > SOAR > Splunk > Config
    • Click the checkbox for Enable Splunk Integration
    • Paste the API Server (IP address:port), Username and Password
    • Click the disk icon (Save)
    • Click Jobs and go to Artifacts from Splunk.
    • Select Triggers, expanding Manual Trigger and Interval Trigger. 
      • Toggle both to State: ENABLED
    • The Interval Trigger is set to 2 hours by default, but you can update it to what best suits your organization. (Recommended: 10 minutes)
    • Click the disk icon (Save)

     

     

    https://vimeo.com/254056535

  • Author
    Posts
Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.