Intruex for Splunk connects your Splunk environment to the Intruex AI SOC platform, enabling automated forwarding of alerts and search results for AI-driven analysis and triage.
The app provides two integration paths:
- Custom Search Command (| intruexsend): Pipe any SPL search results directly to Intruex from the search bar. Results are enriched with delivery status fields (intruex_status, intruex_http_code, intruex_response) so you can confirm successful delivery inline.
- Alert Action (Send to Intruex): Attach to any saved search or correlation search to automatically forward triggered alerts to Intruex for real-time analysis.
Key features:
- Automatic field mapping with type coercion (integers, booleans) for clean data delivery
- Batched HTTP transport with configurable batch size and timeout
- API key stored securely in Splunk's encrypted credential storage (storage/passwords)
- Credentials configured once via the setup page, used automatically by both the search command and alert action
- Per-use credential overrides via inline arguments or alert action parameters. Note that an API key passed inline becomes part of the search string, which Splunk records in search history and the audit log, so use overrides for testing and rely on the stored credential otherwise.
- Splunk internal fields automatically stripped; _raw preserved for full event context
- SSL verification enabled by default, with an optional override for development environments. Disabling verification sends the API key over a TLS connection whose server certificate is never checked, so the override should not be used against production endpoints.
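The feature list above describes a delivery pipeline: strip Splunk's internal fields but keep `_raw`, coerce integers and booleans, batch the results, POST them with a timeout, and annotate each result with `intruex_status`, `intruex_http_code` and `intruex_response`. The following is an added illustration of that pipeline written for this page; it is not the Intruex app's own code. The endpoint URL, the `Authorization: Bearer` header, the rule that every underscore-prefixed field other than `_raw` is internal, the status strings, the default batch size and the sample results are all assumptions.

```python
"""Illustration of the delivery pipeline described in the listing (not the app's code).
Assumed: Bearer auth header, underscore fields other than _raw are internal,
status strings "success"/"failed", default batch size 100, constructed sample data."""
import json
import ssl
import urllib.error
import urllib.request
from typing import Any, Callable, Dict, List, Tuple

# Splunk prefixes internal fields (_time, _indextime, _bkt, _cd, _serial, ...) with an
# underscore; the listing says they are stripped and _raw kept. Treating every other
# underscore field as internal is an assumption of this example.
PRESERVED_INTERNAL = {"_raw"}

Poster = Callable[[bytes], Tuple[int, str]]  # request body -> (HTTP status, response text)

# Constructed sample results, shaped like rows a search command receives.
CONSTRUCTED_RESULTS: List[Dict[str, Any]] = [
    {"_time": "1700000000", "_cd": "1:23", "_raw": "login ok user=alice src=10.0.0.5",
     "src_ip": "10.0.0.5", "count": "3", "is_admin": "true", "user_id": "007"},
    {"_time": "1700000001", "_cd": "1:24", "_raw": "login failed user=bob src=10.0.0.9",
     "src_ip": "10.0.0.9", "count": "12", "is_admin": "false", "user_id": "42"},
    {"_time": "1700000002", "_cd": "1:25", "_raw": "sudo user=carol",
     "src_ip": "10.0.0.7", "count": "-1", "is_admin": "False", "user_id": "9"},
]


def coerce(value: Any) -> Any:
    """Turn Splunk's string field values into ints/bools where that is unambiguous."""
    if not isinstance(value, str):
        return value  # multivalue fields arrive as lists; leave them untouched
    text = value.strip()
    if text.lower() in ("true", "false"):
        return text.lower() == "true"
    digits = text[1:] if text.startswith("-") else text
    # Plain integers only: "007" stays a string so zero-padded identifiers survive.
    if digits.isdigit() and (digits == "0" or not digits.startswith("0")):
        return int(text)
    return value


def map_event(result: Dict[str, Any]) -> Dict[str, Any]:
    """Drop internal fields (except _raw) and coerce the remaining values."""
    return {k: coerce(v) for k, v in result.items()
            if not k.startswith("_") or k in PRESERVED_INTERNAL}


def make_poster(url: str, api_key: str, timeout: float = 10.0,
                verify_ssl: bool = True) -> Poster:
    """HTTPS transport. In the real app the key would come from storage/passwords.
    verify_ssl=False skips certificate checking and exposes the key to interception."""
    ctx = ssl.create_default_context()
    if not verify_ssl:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE

    def post(body: bytes) -> Tuple[int, str]:
        req = urllib.request.Request(url, data=body, method="POST", headers={
            "Content-Type": "application/json", "Authorization": f"Bearer {api_key}"})
        try:
            with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
                return resp.status, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:  # 4xx/5xx still carry a status code
            return err.code, err.read().decode("utf-8", "replace")
    return post


def send_results(results: List[Dict[str, Any]], post: Poster,
                 batch_size: int = 100) -> List[Dict[str, Any]]:
    """Deliver results in batches; return copies annotated with delivery status.
    A transport failure (timeout, refused connection) marks that batch failed
    rather than aborting the whole search."""
    annotated: List[Dict[str, Any]] = []
    for start in range(0, len(results), batch_size):
        batch = results[start:start + batch_size]
        payload = json.dumps([map_event(r) for r in batch]).encode("utf-8")
        try:
            code, text = post(payload)
            status = "success" if 200 <= code < 300 else "failed"
        except Exception as exc:  # URLError, socket timeout, ...
            code, text, status = 0, f"{type(exc).__name__}: {exc}", "failed"
        for r in batch:
            annotated.append({**r, "intruex_status": status,
                              "intruex_http_code": code, "intruex_response": text[:200]})
    return annotated


if __name__ == "__main__":
    # Offline demo with a fake transport; swap in make_poster(url, key) for a real one.
    for row in send_results(CONSTRUCTED_RESULTS, lambda body: (200, "accepted"), 2):
        print(row["intruex_status"], row["intruex_http_code"], row["src_ip"])
```

The `post` callable is injected so the batching and status annotation can be exercised without a network; `make_poster` is the production-shaped transport with the timeout and the SSL override applied to the `ssl` context rather than by silencing errors.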
This app is designed for security teams using Intruex as their AI SOC platform and Splunk as their SIEM. It bridges the gap between detection in Splunk and automated analysis in Intruex.
Requires an active Intruex account and API key.
Categories
Security, Fraud & Compliance, Artificial Intelligence