Installation
To install the Recorded Future App for Splunk:
1. Install the app by uploading a package or from Splunkbase
2. Restart Splunk if prompted
3. When launching the app for the first time, go to the Configuration tab → Setup
4. Enter the API Credential where designated
5. Review Proxy and Logging configuration
6. Configure Risk Lists and/or Alerting Rules on the associated tabs.
7. Click save after entering desired information
8. Each Correlation dashboard must be adapted to select relevant event types for the site. Go to the dashboard, click Edit and then select the Source tab. Near the top of the page there is instruction on how to set this up.
A more detailed installation document, with options specific to Splunk ES and general troubleshooting tips, is available here: https://go.recordedfuture.com/hubfs/splunk-integration-guide.pdf
Contact Us
For more information and to set up your trial or paid subscription, please contact
splunk@recordedfuture.com
This is the primary Recorded Future integration app for Splunk, and is the successor to both previous integrations [the Recorded Future App for Splunk Enterprise (https://splunkbase.splunk.com/app/2629/) and the Add-on for Splunk ES (https://splunkbase.splunk.com/app/3127/)]. The two older integrations will no longer be developed past their current versions (v5.0.10 and v4.0.4 respectively). Clients transitioning to this app from an older integration will need to do a full clean install.
This app includes functionality found in both of the separate older integrations; Splunk enterprise configuration is available by default, and if Splunk ES is detected, additional configuration options are available.
This is a Patch Release that fixes various issues, see CHANGELOG.md in README for details.
This is the primary Recorded Future integration app for Splunk, and is the successor to both previous integrations [the Recorded Future App for Splunk Enterprise (https://splunkbase.splunk.com/app/2629/) and the Add-on for Splunk ES (https://splunkbase.splunk.com/app/3127/)]. The two older integrations will no longer be developed past their current versions (v5.0.10 and v4.0.4 respectively). Clients transitioning to this app from an older integration will need to do a full clean install.
This app includes functionality found in both of the separate older integrations; Splunk enterprise configuration is available by default, and if Splunk ES is detected, additional configuration options are available.
This is a Patch Release that fixes the following issues:
- Typo in a dashboard
- Configuration change to ensure that Appinspect passes
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.