Splunk® Attack Analyzer

Detect and Analyze Threats with Splunk Attack Analyzer

Create and manage API keys in Splunk Attack Analyzer

As an administrator, you can create and manage API keys in Splunk Attack Analyzer to use the API to get data into Splunk Attack Analyzer. Common API integrations include connecting Splunk Attack Analyzer with Splunk SOAR and Splunk Mission Control and connecting the Splunk Add-on for Splunk Attack Analyzer to index job and forensic data from Splunk Attack Analyzer to the Splunk platform. See the following topics for more information:

You can have up to 20 active API keys in Splunk Attack Analyzer. If you are using email to get data into Splunk Attack Analyzer, an email gateway API key is automatically created for you and this key counts toward the 20 active key limit.

Create an API key

As a user with an Administrator role, you can follow these steps to create an API key.

  1. From Splunk Attack Analyzer, select your username, then API Keys.
  2. Select + New Key.
  3. In the Name field, enter a name for the API key.
  4. (Optional) In the Description field, enter a description for the API key.
  5. Set the Key Expiration from the menu. By default, keys are set to Never Expire.
  6. Set the permissions that you want the API key to have.
  7. Select Save.

A modal appears letting you know that your API key was successfully created, and also displays your API secret.

Copy the API secret and save it in a secure location before navigating away from the modal, because you are unable to view it again.

Manage API keys

Once you have added an API key in Splunk Attack Analyzer, you can edit or delete it.

  1. From Splunk Attack Analyzer, select your username, then API Keys.
  2. Navigate to the API key you want to manage.
  3. Select the edit icon to edit the name, description, expiry date, or permissions for the key.
  4. Select the delete icon to delete the API key, then select Delete to confirm.

Last modified on 06 November, 2023

This documentation applies to the following versions of Splunk® Attack Analyzer: Current

