Extrahop Reveal(x) Alerts Notifications to Splunk

ExtraHop Reveal(x) is great at Alerts and Notifications. I recommend running Firmware v7.9.3. In Reveal(x) currently there are also no available trending dashboards out of the box on alerts and notifications. If you are interested in this capability you can you use the health syslog configuration in ECA and send alerts/notifications to your SIEM. :fire:

This does NOT require a custom bundle. You can create all your alerts/notification, assign them to objects and enable them. You can import this sample Splunk Dashboard attached bellow.



Extrahop Alerts Notifications Overview.txt (13.7 KB)

More On Splunk Mobile

  • I liked this post
  • I did not like this post

0 voters