Introduction
The Recorded Future integration for Splunk enables security teams to enrich alerts, correlate events, and leverage real-time threat intelligence within their Splunk environment. This guide provides an introduction to installing and using the integration effectively.
Prerequisites
Before installing the Recorded Future integration for Splunk, ensure the following requirements are met:
1. Splunk Enterprise version 7.x or later
2. Admin access to Splunk
3. Network access to connect to the Recorded Future API
4. A valid API key from Recorded Future
5. Sufficient storage and indexing capacity in Splunk
Installation
1. Download the app
- Navigate to SplunkBase and download the Recorded Future App for Splunk.
2. Install the app
- Log in to your Splunk instance.
- Go to Apps > Manage Apps > Install app from file.
- Upload the downloaded .tar.gz file and click Install.
3. Restart Splunk
- After installation, restart Splunk to apply changes.
Support
For further questions or additional assistance during the installation process, contact Recorded Future Support at support@recordedfuture.com.