Splunk Requirements

The following is required to install the ThreatQuotient App for Splunk:

• A ThreatQ Instance running version 5.11 or greater.
• The ThreatQ Splunk Indicators export.  This export is provided by default with the ThreatQ platform.
• Splunk Environment (Enterprise or Cloud): version 9.1.x, 9.2.x, 9.3.x, 9.4.x, 10.0.x.
• A Splunk account with the following role (for installation and configuration):
  • Admin
  • SC_Admin (Splunk Cloud Admin)
  • Splunk_System_Role
  • ess_admin