Splunk Enterprise Security data source type specifications
When you configure Splunk Enterprise Security, understanding the specifications for the Splunk Enterprise Security data source type can help ensure a successful integration.
Important: Because of how notable events are forwarded to the QRadar® product, the data source must be customized to extract the _raw field contents from the Splunk environment it pulls from.
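As an added example (not part of this page or of either product's code), the following Python shows the kind of customization the note refers to: it takes a constructed Splunk REST search response in the `output_mode=json` shape, keeps only the `_raw` payload of each notable event, and counts results that lack `_raw` so a silent gap in the feed is visible. The `key="value"` layout of the `_raw` text and all field values are assumptions for illustration.

```python
import json
import re

# Constructed sample of a Splunk REST search response (output_mode=json).
# The second result deliberately has no _raw field to exercise the failure case.
SAMPLE_RESPONSE = json.dumps({
    "results": [
        {
            "_time": "2024-01-01T00:00:00.000+00:00",
            "_raw": 'search_name="Access - Brute Force Access Behavior Detected - Rule", '
                    'src="10.0.0.5", urgency="high"',
            "source": "Access - Brute Force Access Behavior Detected - Rule",
        },
        {
            "_time": "2024-01-01T00:01:00.000+00:00",
            "source": "Endpoint - Malware Detected - Rule",
        },
    ]
})

# Assumed key="value" layout of the _raw text; backslash-escaped quotes are tolerated.
_KV = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def extract_raw_events(response_text):
    """Return (raw_events, skipped): the _raw string of every result that has one,
    and the number of results that did not.

    Forwarding the wrapper object instead of _raw would hand QRadar a JSON
    envelope rather than the notable event itself, so such results are
    skipped and counted instead of being passed through silently.
    """
    data = json.loads(response_text)
    raw_events = []
    skipped = 0
    for result in data.get("results", []):
        raw = result.get("_raw")
        if isinstance(raw, str) and raw.strip():
            raw_events.append(raw)
        else:
            skipped += 1
    return raw_events, skipped


def parse_notable_fields(raw):
    """Split a key="value" style _raw string into a dict, as a sanity check
    that the forwarded text still carries the notable event's fields."""
    return {key: value for key, value in _KV.findall(raw)}
```

A non-zero `skipped` count on a real pull is the signal that the data source customization is not yet extracting `_raw` for every notable event.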
The following table describes the specifications for the Splunk Enterprise Security data source type.
Specification | Value |
---|---|
Manufacturer | Splunk |
Data source type | Splunk Enterprise Security |
Connector type | Universal REST API |
Event format | JSON |
Recorded Event Types | Notable events |
Automatically discovered? | No |
Includes identity? | No |
Includes custom properties? | No |
More information | Splunk Enterprise Security (https://www.splunk.com/en_us/products/enterprise-security.html) |