Splunk Integration

For integration with Splunk, Intrigue provides the Intrigue Platform Add-on. This add-on enables Splunk users to load entities, issues and vulnerabilities in Splunk.

Installation

To install, download the add-on from Splunkbase and install it via Splunk's "Install app from file" option. After installation, the Intrigue Platform Add-on should be accessible through the menu on the left-hand side.

Configuration

To enable loading data from Intrigue's Platform API, the add-on requires at least two pieces of information:

  • Access Keys
  • Collection Slug

Access keys can be generated in the user profile settings. The collection slug can be found in the URI when the collection is loaded in Intrigue's Platform.

Input configurations specify the details of the data ingestion. To create an input configuration, click the "Create New Input" button on the input page.

The input configuration requires the previously mentioned access keys and slug. The complete set of information required to create an input configuration is:

  • Name - a name for the input configuration
  • Interval - the interval for refreshing data from Intrigue's Platform API, in seconds, between 6 h (21600) and 12 h (43200)
  • Index - the Splunk index for indexing the data
  • Collection Name - the slug of the collection (Important Note: This must match the slug of your collection in app.intrigue.io to retrieve the correct data).
  • Item Type - the type of data to load from Intrigue Platform
  • Access Key - authentication piece for Intrigue Platform
  • Secret Key - authentication piece for Intrigue Platform

An example input configuration can be seen here:

After the input configuration is saved, the Intrigue Platform Add-on will take a while to load the data. Once the data is in, it can be accessed via the search page.

