Splunk Enterprise Security
The data source type for Splunk Enterprise Security collects alerts that are forwarded from Splunk Enterprise Security.
To integrate Splunk Enterprise Security with the QRadar® product, complete the following steps:
- Configure your Splunk Enterprise Security platform to send alerts to the QRadar product. For more information, see Configuring Splunk Enterprise Security to communicate with the QRadar product.
- Add a Splunk Enterprise Security data source.
When you configure the data source, use the Universal Cloud REST API connector to pull alerts from Splunk Enterprise Security.
For more information about adding a data source, see Adding ingestion data sources.
- If you want to enable federated search for your Splunk Enterprise Security platform, configure a connection to the data source. For more information, see Connecting data sources for federated search and querying.
If you are an IBM® QRadar user, see Terminology changes for QRadar customers.