Dropzone AI Documentation
Splunk

Last updated 23 hours ago

This is a combined document for enabling the Dropzone AI Data Source and Alert Source for Splunk.

The Dropzone AI Platform integrates with Splunk Enterprise, a SIEM tool. Dropzone can analyze Splunk-generated alerts and/or use Splunk data as part of an investigation. Many customers ingest other alert sources (e.g. IDPs) into Splunk and integrate Dropzone with Splunk rather than with each source system.

Dropzone communicates with Splunk Enterprise using the .

Create a Splunk User

To enable the Splunk integration, you will need to create a Splunk user for Dropzone.

To create a Splunk user, do the following:

  • In the Home Menu of Splunk Enterprise, navigate to Settings > Users

  • Click on "New User"

  • Create a name (e.g. dropzone) and password. Save them for later use in the Dropzone UI, where they are called "Username" and "Password" respectively

  • Assign the user a role that has access to the data you want Dropzone to be able to access

  • If two-factor authentication is enabled, provide the Duo username

  • Click "Create"
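The role assigned in the step above determines what Dropzone can read. As an added example (not from Dropzone's or Splunk's documentation), this is a read-only Splunk role for the service account, defined in authorize.conf; the role name and the index names are assumptions for illustration:

```ini
# $SPLUNK_HOME/etc/system/local/authorize.conf on the search head.
# Hypothetical role for the "dropzone" user created above; index names are
# placeholders for this example. Replace them with the indexes Dropzone should read.
[role_dropzone_reader]
# Inherit only the base "user" role (search plus the basic REST capabilities);
# the integration needs to run searches, not to edit Splunk configuration.
importRoles = user
# Indexes the role may search, even when a query names an index explicitly.
# The index read by the "Splunk Alert Search" query must be listed here.
srchIndexesAllowed = notable;main;firewall
# Indexes searched when a query does not name one.
srchIndexesDefault = notable
# Bound the account's concurrent search jobs and scratch disk usage (MB).
srchJobsQuota = 3
srchDiskQuota = 100
```

Restart Splunk or reload the authorization configuration after editing the file, then select the role on the New User form.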

Enable the Dropzone Data Source Integration

To enable the Data Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page, e.g. https://mycompany.dropzone.ai

  • In the bottom-left corner, click Settings > Integrations

  • Click "Data Sources" in the top left corner

  • In the SIEM section, find the Splunk tile and click "Connect"

  • Input the Server (e.g. splunk.corp.example.net)

  • Input the Username and Password

  • Click "Test & Save"

Enable the Dropzone Alert Source Integration

In addition to the data source integration, Dropzone can be configured to monitor and investigate specific incident types from Splunk.

To enable the Alert Source integration, do the following:

  • Navigate to your Dropzone AI tenant home page, e.g. https://mycompany.dropzone.ai

  • In the bottom-left corner, click Settings > Integrations

  • Click "Alert Sources"

  • In the SIEM section, find the Splunk tile and click "Connect"

  • Input the Server (e.g. splunk.corp.example.net)

  • Input the Username and Password

  • Click "Test & Save"

Under "Splunk Alert Search", you must input a Splunk search query (SPL) that identifies the alerts Dropzone should investigate.

If you have any errors or questions, engage your Dropzone AI support representative.
