About the Splunk integration

This document was overhauled for version 2.5.5 of the app. To see an older version of the documentation, go to the EclecticIQ Platform 2.8.0 documentation.

EclecticIQ Platform App for Splunk is an app for Splunk Enterprise.

It enables Splunk Enterprise users to ingest large quantities of threat intelligence by integrating EclecticIQ Platform feeds with Splunk and use this threat intelligence within the Splunk Enterprise.

EclecticIQ Platform App for Splunk ships with:

  • Scripts to ingest outgoing feeds and to upload sightings back.

  • A default set of dashboards to make it easier for Splunk users to monitor feed data collection.

  • A default savedsearches to generate alerts in the app.

  • A default set of dashboards to allows Splunk users to monitor matching between Threat Intelligence and logs in Splunk (Alerting workflow).

  • Workflow actions to quickly get more details about a sighting in the EclecticIQ platform.

Support

Contact us at [email protected] to:

  • Share your feedback or request any support concerning the app.

  • Request further documentation.

  • Report bugs or feature requests.