Splunk App Integration
The Flare Splunk App delivers a Splunk Enterprise on-premises solution that provides full access to Flare event data within Splunk. With it, users can:

- Access full event details: go beyond alert summaries and dive directly into detailed event information in Splunk.
- Enhance security workflows: use Flare data to perform correlations, enrich investigations, and automate responses within Splunk, all tailored to their environment.
- Customize and control: meet compliance and operational requirements with an on-premises app designed to fit enterprise needs, allowing a high degree of control over data access and usage.

Installation

The Flare Splunk App can be installed in your Splunk Enterprise instance in one of two ways.

Option 1: Splunk App Marketplace (preferred)

1. Log into your Splunk Enterprise instance.
2. From the home screen, click the Apps dropdown and then click "Find More Apps".
3. Search for "Flare".
4. Click the Install button.

It may be helpful to narrow the search with additional filters: under the Category heading, select "Security, Fraud & Compliance" > "Threat Intel"; under the App Type heading, select "App".

Option 2: Download from Splunkbase

1. In your browser, navigate to https://splunkbase.splunk.com/.
2. Log into Splunkbase.
3. In the search bar, search for "Flare".
4. Click the Download button to download the app package file.
5. Log into your Splunk Enterprise instance.
6. From the home screen, click the Apps dropdown and then click "Manage Apps".
7. Click the "Install app from file" button.
8. Click the "Choose File" button and select the file you downloaded in step 4.
9. If this is not your first installation, check the "Upgrade app" checkbox.
10. Click the "Upload" button.
11. Click the "Set up now" button and go through the configuration steps listed below.

Configuration

Once the app installation is complete, you will be brought to the application configuration screen. If you are not brought there automatically, navigate to the Splunk Enterprise home screen; in the left column under Apps you will see the Flare app. Click it and you will be brought to the configuration screen. If you are upgrading the app, you do not need to go through this step again.

Get or create your API key

1. Log into https://app.flare.io and go to your profile page.
2. Look for the "API keys" heading.
3. Create your API key, and use the "Copy to clipboard" button on the right to copy it.

The API key grants read access to your organization's Flare event data, so treat it as a credential: paste it only into the app's configuration screen, do not leave it in tickets, chat or scripts, and replace it from the Configuration tab (see "Change your tenant" below) if it is ever exposed.

Configure the Flare Splunk App with your API key

1. Select your tenant and index. Your organization may have more than one tenant; select the one from which you would like to import events. By default the Flare app ingests data into a "flare" index. You can switch this to the "main" index or any other custom index that you create.
2. Select additional filters. By default all severities and category filters are selected; if you wish to limit those, you may do so here. Additionally, by default the Flare app ingests full activity data; if you wish to limit that to event metadata only, toggle the "Basic event ingestion" switch on.
3. Click Submit.

Start analyzing Flare data

Click the "View Flare data" button to go to a prefilled search. If this is the first time viewing data, it will take about one minute after configuring the app before data starts to appear.

That's it! 🎉 Your Flare Splunk App should now be pulling in events from Flare.

Note: the prefilled search uses index="flare". This index is created by the Flare app and is where all Flare event data is stored. If you need to change this, use the index selection described under Configuration above; the Configuration tab (see below) is where that setting lives.

Change your tenant

If you ever need to switch the tenant from which you want to pull events, or change your API key, you can do this from the Configuration tab.
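As an added verification step (example searches written for this page, not part of the Flare documentation or the app itself), the following SPL confirms that the app is actually writing events. It assumes the default "flare" index; substitute your own index name if you changed it during configuration. The searches use only built-in Splunk fields (_time, sourcetype) and the standard indexes REST endpoint, so they do not depend on any Flare-specific field names.

```spl
index="flare" earliest=-15m
| stats count AS events, min(_time) AS first_seen, max(_time) AS last_seen
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")

index="flare" earliest=-24h
| timechart span=1h count BY sourcetype

| rest /services/data/indexes splunk_server=local
| search title="flare"
| table title totalEventCount currentDBSizeMB
```

The first search should return a non-zero event count within a minute or two of clicking Submit; if it stays at zero, re-check the API key and the selected tenant on the Configuration tab. The timechart shows whether ingestion is continuous or has gaps, which is the first thing to look at if the key is rotated or the tenant is changed. The REST search confirms the "flare" index exists on the search head and shows its size, which is useful when deciding whether to keep full activity data or switch to basic event ingestion.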