For integration with Splunk, Intrigue provides the Intrigue Platform Add-on. This add-on enables Splunk users to load entities, issues and vulnerabilities into Splunk.
To install, download the add-on from Splunkbase and install it via Splunk's "Install app from file" option. After installation, the Intrigue Platform Add-on should be accessible through the menu on the left-hand side.
To enable loading data from Intrigue's Platform API, the add-on requires at least two pieces of information:
- Access Keys
- Collection Slug
Access keys can be generated in the user profile settings. The collection slug can be found in the URI when the collection is loaded in Intrigue's Platform:
Input configurations are used to specify the details of the data ingestion. To create an input configuration, click on the "Create New Input" button in the input page:
The input configuration requires the previously mentioned access keys and slug. The complete set of information required to create an input configuration is:
- Name - a name for the input configuration
- Interval - the interval for refreshing data from Intrigue's Platform API, in seconds; it must be between 6 hours (21600) and 12 hours (43200)
- Index - the Splunk index for indexing the data
- Collection Name - the slug of the collection (Important Note: This must match the slug of your collection in app.intrigue.io to retrieve the correct data).
- Item Type - the type of data to load from Intrigue Platform
- Access Key - authentication piece for Intrigue Platform
- Secret Key - authentication piece for Intrigue Platform
An example input configuration can be seen here:
After saving the input configuration, Intrigue's Platform Add-on will take a while to load the data. Once the data is in, it can be accessed via the search page.