Splunk® Attack Analyzer

Detect and Analyze Threats with Splunk Attack Analyzer

Use the Splunk Attack Analyzer API to get data into Splunk Attack Analyzer

You can access all the data available in the Splunk Attack Analyzer user interface through the Splunk Attack Analyzer API. To ingest data into Splunk Attack Analyzer using the API, follow these steps.

Prerequisite

Access to a Splunk Attack Analyzer API key. See Create and manage API keys in Splunk Attack Analyzer.

Steps

  1. Navigate to Splunk Attack Analyzer and select your username, then Knowledge Center, then View API Documentation.
  2. Follow the steps listed in the Splunk Attack Analyzer API documentation to ingest data into Splunk Attack Analyzer using the API.

By default, Splunk Attack Analyzer retains data for 180 days after which it is deleted. If you want to retain data for a longer period of time, before the data is deleted you can use the Splunk Add-on for Splunk Attack Analyzer or the Splunk Attack Analyzer APIs to store data in the Splunk platform or another SIEM tool you might be using. See the User Guide for the Splunk Add-on for Splunk Attack Analyzer and the API documentation in Splunk Attack Analyzer for more information.

Last modified on 21 October, 2024
Use email to get data into Splunk Attack Analyzer   Use manual submission to get data into Splunk Attack Analyzer

This documentation applies to the following versions of Splunk® Attack Analyzer: Current


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters