About Splunk
Splunk is the world's leading data platform for security and IT operations, trusted by enterprises and governments globally to monitor, investigate, and respond to threats at scale across massive volumes of machine data. With a security portfolio spanning SIEM, SOAR, and threat intelligence management that powers security operations centers worldwide, Splunk is the gold standard for security analytics and operational intelligence. Teams looking to integrate with Splunk or build a Splunk integration can use Synqly to route normalized security data, logs, and telemetry from across the security stack into Splunk's analytics platform through a unified connector.
About the Splunk Enterprise Security Integration
Splunk Enterprise Security is the gold-standard SIEM platform used by security operations centers worldwide for threat detection, investigation, and response at enterprise scale. As Synqly’s Sink provider, Splunk Enterprise Security enables security teams to stream security event data and integration telemetry from Synqly-connected tools into Splunk’s data pipeline via HTTP Event Collector (HEC) for indexing, analysis, and correlation. Integrate with Splunk Enterprise Security as a Sink to route security events from your Synqly integrations into Splunk ES, enriching your existing detection rules and investigation workflows with additional data sources.
Integration Use Cases
Get Alert
Retrieves an alert by ID.
Post Events
Writes a batch of `Event` objects to the SIEM configured with the token used for authentication.
Query Alerts
Queries alerts from the SIEM configured with the token used for authentication.
Query Events
Queries events from the SIEM configured with the token used for authentication.
Query Log Providers
Queries the log providers available in the source SIEM.