[this is for v4.0.x of the Recorded Future App for Splunk Enterprise]
Initial setup of the App
Once the app has been installed on the Splunk server the initial setup of the app is done under Configuration->Global configuration.
The Configuration view has three panes: Proxy, Logging and Add-on Settings.
To be able to see and configure API key, Proxy settings and API URL in the Splunk App, the user needs the capability 'list_storage_passwords'. To be able to change the logging level, the user needs the capability 'admin_all_objects'.
The API key must be configured in the Add-on Settings pane in order for the app to work.
If the Splunk server uses a proxy to access the Internet this should be configured here. If no proxy is used leave the Enabled checkbox unchecked.
Host and port must always be set. If the proxy requires authentication the username and password should be set here. If authentication is not used these fields should be left empty.
If additional logging is required it's possible to adjust the log level here.
The recommended log level is INFO.
The integration logs to the standard Splunk log directory ($SPLUNK_HOME/var/log/splunk). The following log files will be created (depending on app configuration and usage all may not exist):
The events logged into these files can be viewed either as files on the Splunk server of via the Splunk GUI.
The Recorded Future API key required for the proper operation of the app is entered in the Api key field.
In some rare situations it may be necessary to change the URL the the Recorded Future API. If Recorded Future support instructs you to do so the URL should be entered in the Recorded Future Api URL field.
Your Recorded Future Intelligence Services consultant would be happy to help you with additional questions and advice. If you do not know who that is, you can also contact [email protected]
Please do not contact Splunk support about "Recorded Future for Splunk Enterprise".