Getting Started - Splunk Enterprise/Enterprise Security

Introduction
The Recorded Future integration for Splunk enables security teams to enrich alerts, correlate events, and leverage real-time threat intelligence within their Splunk environment. This guide provides an introduction to installing and using the integration effectively.

Prerequisites
Before installing the Recorded Future integration for Splunk, ensure the following requirements are met:

1. Splunk Enterprise version 7.x or later

2. Admin access to Splunk

3. Network access to connect to the Recorded Future API

4. A valid API key from Recorded Future

5. Sufficient storage and indexing capacity in Splunk

Installation

1. Download the app

    • Navigate to SplunkBase and download the Recorded Future App for Splunk.

2. Install the app

    • Log in to your Splunk instance.
    • Go to Apps > Manage Apps > Install app from file.
    • Upload the downloaded .tar.gz file and click Install.

3. Restart Splunk

    • After installation, restart Splunk to apply changes.
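Before uploading the .tar.gz in step 2, it is worth inspecting the package. The following is an added example, not code from Recorded Future or Splunk: it records the file's SHA-256 so it can be compared with a checksum published alongside the download (if one is provided) and flags unsafe archive entries. The single top-level directory and default/app.conf checks assume the standard Splunk app package layout, and the name sample_app is a constructed placeholder.

```python
import hashlib
import io
import sys
import tarfile


def inspect_app_package(data):
    """Inspect a Splunk app .tar.gz (as bytes) before it is uploaded."""
    problems, top_dirs, names = [], set(), set()
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar.getmembers():
            parts = [p for p in m.name.split("/") if p not in ("", ".")]
            # Absolute paths or ".." would write outside the app directory.
            if m.name.startswith("/") or ".." in parts:
                problems.append(f"unsafe path: {m.name}")
                continue
            if m.issym() or m.islnk() or m.isdev():
                problems.append(f"link or device entry: {m.name}")
            if parts:
                top_dirs.add(parts[0])
                names.add("/".join(parts))
    # Assumption: a Splunk app package holds one directory with default/app.conf.
    if len(top_dirs) != 1:
        problems.append(f"expected one top-level directory, found {sorted(top_dirs)}")
    elif f"{next(iter(top_dirs))}/default/app.conf" not in names:
        problems.append("missing default/app.conf")
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "app_dir": sorted(top_dirs),
            "problems": problems}


def build_sample(entries):
    """Constructed sample input: build a .tar.gz in memory from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            package = fh.read()
    else:  # no file given: fall back to the constructed sample
        package = build_sample({"sample_app/default/app.conf": b"[launcher]\n"})
    print(inspect_app_package(package))
```

Run it with the path to the downloaded file as the only argument; an empty problems list and a matching checksum are the conditions to meet before clicking Install.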

Support
For further questions or additional assistance during the installation process, contact Recorded Future Support at support@recordedfuture.com.

 

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.