Configuring Splunk Enterprise Security to communicate with the QRadar product
To send threat alerts from Splunk Enterprise Security, you must have an API token. You need the API token when you configure a data source in the QRadar® product.
Before you begin
You must have access to a Splunk account with administrator privileges.
Procedure
What to do next
Add a Splunk Enterprise Security data source that uses the Universal Cloud REST API connector. For more information about the Universal Cloud REST API connector, see Universal Cloud REST API data source parameters for Splunk Enterprise Security.
For more information about adding a data source, see Adding ingestion data sources.