# Splunk

## Usage <a href="#usage" id="usage"></a>

By connecting Splunk's robust data analysis capabilities with Netography's network insights, organizations gain real-time alerting, monitoring, and comprehensive views of their security landscape. This integration also streamlines workflows, aids in compliance reporting, and offers scalable solutions that adapt to evolving needs, thus providing a valuable tool for improving decision-making, security response, and overall efficiency.

## Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before configuring the Splunk integration in Netography, you will need to create a new Token for the HTTP Event Collector. For more information, consult the [HTTP Event Collector documentation](https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector) for Splunk.

## Netography Portal Steps <a href="#netography-portal-steps" id="netography-portal-steps"></a>

In **Settings > Response Integrations**, click **Add Integration**. Select **Splunk**.

![](/files/hWYVd7WiHb8gVf907f2H)

## Configuration <a href="#configuration" id="configuration"></a>

The following fields are specific to the Splunk integration.

The webhook URL should point to the `services/collector/raw` endpoint of the HTTP Event Collector, as described in [Splunk's documentation](https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector#Send_data_to_HTTP_Event_Collector).

Ensure that the HTTP Event Collector port can be reached from Netography's "integrations" IP address, which can be obtained from the Settings Overview page in the Netography Fusion portal.

| Field                   | Required | Description                                                                                             | Example                                                     |
| ----------------------- | -------- | ------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- |
| `URL`                   | yes      | The webhook URL from Splunk                                                                             | `https://splunkhec.example.com:8088/services/collector/raw` |
| `Skip SSL Verification` | no       | If checked, the server certificate will not be validated against the available certificate authorities. |                                                             |
| `Headers`               | no       | Comma separated list of `header: value` pairs                                                           | `X-Netography: Webhook`                                     |

## Authentication <a href="#authentication" id="authentication"></a>

The following fields are necessary for the integration to authenticate using HTTP Basic Auth.

| Field      | Required | Description                            |
| ---------- | -------- | -------------------------------------- |
| `Username` | no       | Name of the HTTP Event Collector Token |
| `Password` | no       | Token Value                            |
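The following pre-flight check is an added example, not code from Netography or Splunk: it lints the field values described above and builds the POST that HTTP Basic Auth would carry to the `raw` endpoint, so the token can be tested with certificate validation on before the integration is submitted. The function names, the sample token, and the way the `Headers` field is split are assumptions based on the table descriptions.

```python
import base64
import ssl
import urllib.request
from urllib.parse import urlsplit

def parse_headers(field):
    """Parse the Headers field: comma separated 'header: value' pairs (assumed format)."""
    headers = {}
    for pair in filter(None, (p.strip() for p in field.split(","))):
        name, sep, value = pair.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"not a 'header: value' pair: {pair!r}")
        headers[name.strip()] = value.strip()
    return headers

def lint(url, skip_ssl_verification=False):
    """Return warnings for settings that weaken or break the integration."""
    parts, warnings = urlsplit(url), []
    if parts.scheme != "https":
        warnings.append("URL is not https: the token would cross the network in cleartext")
    if parts.path.rstrip("/") != "/services/collector/raw":
        warnings.append("URL path is not services/collector/raw")
    if skip_ssl_verification:
        warnings.append("Skip SSL Verification is checked: server certificate is not validated")
    return warnings

def build_request(url, token_name, token_value, headers_field="", body=b'{"test": "preflight"}'):
    """Build the POST with the HEC token carried as the Basic Auth password."""
    creds = base64.b64encode(f"{token_name}:{token_value}".encode()).decode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", f"Basic {creds}")
    for name, value in parse_headers(headers_field).items():
        req.add_header(name, value)
    return req

def send(req):
    """Send with certificate validation on (the default SSL context verifies the chain)."""
    with urllib.request.urlopen(req, context=ssl.create_default_context(), timeout=10) as resp:
        return resp.status, resp.read().decode()

if __name__ == "__main__":
    # Constructed sample values; replace with your own HEC URL, token name and token value.
    URL = "https://splunkhec.example.com:8088/services/collector/raw"
    print(lint(URL) or "no warnings")
    req = build_request(URL, "netography", "00000000-0000-0000-0000-000000000000",
                        "X-Netography: Webhook")
    print(req.get_method(), req.full_url, sorted(req.headers))
    # print(send(req))  # uncomment to POST the test event to your collector
```

Run `send(req)` from a host that can reach the collector; a certificate error here means the same validation would fail in the integration unless `Skip SSL Verification` is checked.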

{% hint style="info" %}
**📘 After your configuration is submitted, the Splunk integration will be treated as a standard webhook integration in the Fusion portal.**
{% endhint %}

### Additional post configuration <a href="#additional-post-configuration" id="additional-post-configuration"></a>

After the Splunk configuration is set up, you will need to configure a Response Policy in the Fusion portal.

#### Configure a Response Policy to Send Events to Splunk <a href="#configure-a-response-policy-to-sent-events-to-splunk" id="configure-a-response-policy-to-sent-events-to-splunk"></a>

You can configure response policies in the portal by navigating to **Response -> Response Policies -> Add Response Policy**.


