Threat Stack integration for Splunk On-Call

Configure the Threat Stack integration for Splunk On-Call.

The following guide walks you through the steps needed to integrate your Threat Stack alerts into the Splunk On-Call timeline.

Requirements

This integration is compatible with the following versions of Splunk On-Call:

  • Starter

  • Growth

  • Enterprise

Splunk On-Call configuration

  1. From the Splunk On-Call web portal, select Settings > Alert Behavior > Integrations.

  2. Select the Threat Stack Integration.

  3. Turn on the integration and copy the service API endpoint to the clipboard.

Threat Stack configuration

  1. From the main Threat Stack screen, select Settings > Integrations. Select the Splunk On-Call integration.

  2. Enter a name and description for the integration, then paste in the URL you copied from Splunk On-Call.

  3. Select the alert severity you want to send to Splunk On-Call.

This completes the integration process.