Connect Splunk to the EclecticIQ Fusion Center using the Threat Intelligence EclecticIQ Platform App.
Prerequisites
User name and password for EclecticIQ Fusion Center.
Threat Intelligence EclecticIQ Platform App for Splunk installed on your Splunk instance.
Network access between EclecticIQ Fusion Center and your Splunk instance.
Download and install the app on Splunk
Download the Threat Intelligence EclecticIQ Platform App from Splunkbase.
Save the tar.gz package locally.
Log in to your Splunk instance.
In the top navigation bar, open the Apps drop-down menu and select Manage Apps.
In the top right corner, click Install app from file.
In the Upload app page, click Browse and select the tar.gz package you just downloaded.
Click Upload to install the package.
When prompted, click Restart to restart your Splunk instance.
Configure the app
Once the Threat Intelligence EclecticIQ Platform App is installed:
In the top navigation bar of Splunk Web, click Apps > Manage Apps.
Locate EclecticIQ Platform App in the list of apps.
In the Actions column for EclecticIQ Platform App, click Set up.
In the EclecticIQ Platform App Configuration Page, fill out these fields:
EclecticIQ Platform url
EclecticIQ Platform Version
Verify the SSL Connection if SSL is used: Select this option.
ID of feeds for collection from EclecticIQ Platform: Enter 1, 3, unless otherwise instructed by your customer success manager.
EclecticIQ Platform Source Group
Enter your EclecticIQ Fusion Center user name.
Enter your EclecticIQ Fusion Center password.
Click Save Settings to finish configuring the app.
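The following pre-flight check is an added example, not part of the app or of EclecticIQ's documentation. Run on the Splunk host, it reviews the values you are about to enter and confirms that a certificate-verified TLS connection to the platform succeeds, which covers both the network access prerequisite and the SSL verification option. The function names and the placeholder URL are assumptions.

```python
import socket
import ssl
from urllib.parse import urlsplit


def parse_feed_ids(text):
    """Turn the feed ID field ("1, 3") into a list of ints; reject anything else."""
    ids = [part.strip() for part in text.split(",")]
    if any(not p.isdecimal() for p in ids):
        raise ValueError(f"feed IDs must be comma-separated integers: {text!r}")
    return [int(p) for p in ids]


def review_settings(url, verify_ssl, feed_ids):
    """Return a list of problems with the values about to be entered in the setup form."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("platform URL should be https:// so credentials are not sent in clear text")
    if parts.username or parts.password:
        problems.append("do not embed credentials in the URL")
    if not verify_ssl:
        problems.append("SSL verification is off: the server certificate will not be checked")
    try:
        parse_feed_ids(feed_ids)
    except ValueError as exc:
        problems.append(str(exc))
    return problems


def tls_preflight(url, timeout=5.0):
    """Complete a verified TLS handshake; raises OSError/ssl.SSLError on failure."""
    parts = urlsplit(url)
    ctx = ssl.create_default_context()  # checks the certificate chain and hostname
    with socket.create_connection((parts.hostname, parts.port or 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
            return tls.version(), tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    url = "https://fusion-center.example.invalid"  # placeholder, replace with your platform URL
    for problem in review_settings(url, True, "1, 3"):
        print("WARN:", problem)
    print(tls_preflight(url))  # negotiated TLS version and certificate expiry
```

If `tls_preflight` raises a certificate verification error, fix the trust chain on the Splunk host rather than clearing the SSL verification option.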
Optional app configuration
(Optional) When configuring the app on the EclecticIQ Platform App Configuration Page, you can set up these options:
If you’re using a proxy, enter its IP address here.
If required, enter the username for authenticating with your proxy.
Enter the password for your proxy.
Set to index=main by default.
Modify this to change the scope of the sightings query used by the app.
Send the following sightings types: All selected by default. Select one or more sighting types to send to EclecticIQ Platform through the app.
Scripts Log Level: Set the log level for scripts run by the app. Change this only if you have issues with the app.