Create and manage API keys in Splunk Attack Analyzer

As an administrator, you can create and manage API keys in Splunk Attack Analyzer to use the API to get data into Splunk Attack Analyzer. Common API integrations include connecting Splunk Attack Analyzer with Splunk SOAR and Splunk Mission Control and connecting the Splunk Add-on for Splunk Attack Analyzer to index job and forensic data from Splunk Attack Analyzer to the Splunk platform. See the following topics for more information:

You can have up to 20 active API keys in Splunk Attack Analyzer. If you are using email to get data into Splunk Attack Analyzer, an email gateway API key is automatically created for you and this key counts toward the 20 active key limit.

Create an API key

As a user with an Administrator role, you can follow these steps to create an API key.

From Splunk Attack Analyzer select your username, then API Keys.
Select + New Key.
In the Name field, enter a name for the API key.
(Optional) In the Description field, enter a description for the API key.
Set the Key Expiration from the menu. By default, keys are set to Never Expire.
Set the permissions that you want the API key to have.
Select Save.

A modal appears letting you know that your API key was successfully created, and also displays your API secret.

Copy the API secret and save it in a secure location before navigating away from the modal as you are unable to view it again.

Manage API keys

Once you have added an API key in Splunk Attack Analyzer, you can edit or delete it.

From Splunk Attack Analyzer select your username, then API Keys.
Navigate to the API key you want to manage.
Select the edit icon () to edit the name, description, expiry date, or permissions for the key.
Select the delete icon () to delete the API key and select Delete to confirm.

Create and manage API keys in Splunk Attack Analyzer

Create an API key

Manage API keys

Comments

Create and manage API keys in Splunk Attack Analyzer

Was this topic useful?