The BloodHound Enterprise Splunk app ingests your BloodHound Enterprise data into Splunk.
Note: Version 2.0+ introduces ingest of BHE Audit Log data. To successfully ingest this data the BHE API user must be assigned the ‘Administrator’ role in BHE.
If you have not already, create an API key/ID pair by following the Create a non-personal API Key/ID pair instructions.
In the setup screen, enter your BloodHound Enterprise domain name (CODENAME.bloodhoundenterprise.io), the API key/ID pair you created, and click Submit.
Please note the warning—the initial collection can take some time, particularly for longer-term BloodHound Enterprise customers.
The index “bhe-splunk-app” will be created automatically if running Splunk on-prem.
Data will now begin flowing into the environment. You can monitor this progress through Splunk itself with the following query:
Update Data Input
Update Search Macro