The Splunk Add-on for Splunk Attack Analyzer retrieves data from completed jobs and the associated forensics from Splunk Attack Analyzer. Splunk Attack Analyzer detects and analyzes potential security threats.

You can perform the following tasks with the Splunk Add-on for Splunk Attack Analyzer:

• Get data from Splunk Attack Analyzer into the Splunk platform.
• Submit URLs from the Splunk platform to Splunk Attack Analyzer based on an alert. See Configure the Adaptive Response action.
• Search Splunk Attack Analyzer data using Splunk search capabilities in the Splunk platform. See Search Splunk Attack Analyzer data in the Splunk platform.

Follow these steps to retrieve data from Splunk Attack Analyzer:

1. Purchase Splunk Attack Analyzer.
   Note: You must purchase Splunk Attack Analyzer to use the add-on.
2. Download the Splunk Add-on for Splunk Attack Analyzer from Splunkbase.
3. Review the Splunk Add-on for Splunk Attack Analyzer installation requirements. See Installation requirements and version dependencies.
4. Install the Splunk Add-on for Splunk Attack Analyzer.
5. Configure the Splunk Add-on for Splunk Attack Analyzer.
6. After installing the add-on, you can download the Splunk App for Splunk Attack Analyzer from Splunkbase to view dashboards that contain metrics about your Splunk Attack Analyzer data.