Add Splunk to EPM

  1. Select Configuration, and then select SIEM Settings.
  2. Select Enable SIEM Integration to turn on the feature.
  3. From the Integration Type list, select Splunk.
  4. Enter the details for your Splunk configuration:
    • Hostname. Do not include https:// in the hostname.
    • Index
    • Token
  5. Select the data format: CIM - Common Information Model or ECS - Elastic Common Schema.
  6. Click Validate Settings to test the connection to Splunk.
  7. Click Save Settings.
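
A pre-flight check for the three values entered in step 4, as an added example that is not part of the EPM or Splunk documentation. It assumes the Token is a Splunk HTTP Event Collector (HEC) token and that HEC listens on 8088, the Splunk Enterprise default; the function names and sample values are constructed for illustration.

```python
import json
import re

# Assumption: the Token field holds a Splunk HEC token, which Splunk
# issues as a GUID.
TOKEN_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Splunk index names: lowercase letters, digits, "_" and "-", not starting
# with "_" or "-".
INDEX_RE = re.compile(r"[a-z0-9][a-z0-9_-]*")


def check_siem_settings(hostname, index, token):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    if "://" in hostname:
        problems.append("hostname: remove the scheme prefix")
    elif not hostname or "/" in hostname or any(c.isspace() for c in hostname):
        problems.append("hostname: expected a bare host name")
    # fullmatch (not match + "$") so a pasted trailing newline is caught.
    if not INDEX_RE.fullmatch(index):
        problems.append("index: not a valid Splunk index name")
    if not TOKEN_RE.fullmatch(token):
        problems.append("token: not GUID-shaped (stray whitespace or truncation?)")
    return problems


def hec_test_request(hostname, index, token, port=8088):
    """Build (url, headers, body) for a one-event HEC test; nothing is sent.

    port=8088 is an assumption (Splunk Enterprise HEC default).
    """
    url = "https://%s:%d/services/collector/event" % (hostname, port)
    headers = {"Authorization": "Splunk " + token}
    body = json.dumps({"index": index, "event": {"message": "EPM SIEM pre-flight test"}})
    return url, headers, body


def redact(token):
    """Show only the last four characters, for logs and tickets."""
    return "*" * (len(token) - 4) + token[-4:]


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    host, idx = "https://splunk.example.com", "epm_events"
    tok = "12345678-1234-1234-1234-123456789abc\n"
    for problem in check_siem_settings(host, idx, tok):
        print("FLAG", problem)
    print("token in use:", redact(tok.strip()))
```

If the check passes but Validate Settings still fails, the request built by hec_test_request can be sent from the same network segment as EPM to separate a credential problem from a connectivity problem.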