Splunk
Splunk provider allows you to get Splunk saved searches via webhook installation
Authentication
This provider requires authentication.
- api_key: Splunk API Key (required: True, sensitive: True)
- host: Splunk Host (default is localhost) (required: False, sensitive: False)
- port: Splunk Port (default is 8089) (required: False, sensitive: False)
- verify: Enable SSL verification (required: False, sensitive: False)
- username: The username connected with the API key/token provided. (required: False, sensitive: False)
Certain scopes may be required to perform specific actions or queries via the provider. Below is a summary of relevant scopes and their use cases:
- list_all_objects: The user can get all the alerts (mandatory)
- edit_own_objects: The user can edit and add webhook to saved_searches (mandatory)
In workflows
This provider can’t be used as a “step” or “action” in workflows. If you want to use it, please let us know by creating an issue in the GitHub repository.
Connecting with the Provider
Obtain Splunk API Token:
- Ensure you have a Splunk account with the necessary permissions. The basic permissions required are
list_all_objects&edit_own_objects. - Get an API token for authenticating API requests. Read More on how to set up and get API Keys.
Identify Your Splunk Instance Details:
- Determine the Host (IP address or hostname) and Port (default is 8089 for Splunk’s management API) of the Splunk instance you wish to connect to.
NOTE
Make sure to follow this Guide to configure your webhook allow list to allow your keep deployment.
Useful Links
- Splunk Python SDK
- Splunk Webhook
- Splunk Webhook Allow List
- Splunk Permissions and Roles
- Splunk API tokens
Splunk
Splunk provider allows you to get Splunk saved searches via webhook installation
Authentication
This provider requires authentication.
- api_key: Splunk API Key (required: True, sensitive: True)
- host: Splunk Host (default is localhost) (required: False, sensitive: False)
- port: Splunk Port (default is 8089) (required: False, sensitive: False)
- verify: Enable SSL verification (required: False, sensitive: False)
- username: The username connected with the API key/token provided. (required: False, sensitive: False)
Certain scopes may be required to perform specific actions or queries via the provider. Below is a summary of relevant scopes and their use cases:
- list_all_objects: The user can get all the alerts (mandatory)
- edit_own_objects: The user can edit and add webhook to saved_searches (mandatory)
In workflows
This provider can’t be used as a “step” or “action” in workflows. If you want to use it, please let us know by creating an issue in the GitHub repository.
Connecting with the Provider
Obtain Splunk API Token:
- Ensure you have a Splunk account with the necessary permissions. The basic permissions required are
list_all_objects&edit_own_objects. - Get an API token for authenticating API requests. Read More on how to set up and get API Keys.
Identify Your Splunk Instance Details:
- Determine the Host (IP address or hostname) and Port (default is 8089 for Splunk’s management API) of the Splunk instance you wish to connect to.
NOTE
Make sure to follow this Guide to configure your webhook allow list to allow your keep deployment.
Useful Links
- Splunk Python SDK
- Splunk Webhook
- Splunk Webhook Allow List
- Splunk Permissions and Roles
- Splunk API tokens