SIEM Integrations
Export NEURO findings to your Security Information and Event Management (SIEM) platform for centralized monitoring and correlation.
Splunk Integration
Export findings to Splunk via the HTTP Event Collector (HEC).
Requirements
- Splunk instance with HEC enabled
- HEC token whose allowed indexes include the index NEURO will write to (the default is neuro_findings)
- Network connectivity from NEURO to the HEC port (8088 by default), over HTTPS so the token is not sent in clear text
Configuration
- Enable HEC in Splunk
  - Settings → Data Inputs → HTTP Event Collector
  - Create a new token for NEURO
- Configure in NEURO
  - Go to Settings → Integrations → SIEM
  - Select Splunk
  - Enter the HEC URL (e.g., https://splunk.example.com:8088)
  - Enter the HEC token
  - Click Test Connection
  - Click Save
Exporting Findings
- Go to the Findings page
- Select the findings to export
- Click Export → Splunk
- Choose an index (or use the default, neuro_findings)
- Click Export
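The same export done from a script instead of the UI, as an added example that is not NEURO's own code. It wraps findings in the HEC envelope shown under Event Format (event / sourcetype / index) and relies on the standard Splunk HEC conventions: events are POSTed to /services/collector/event with an Authorization: Splunk <token> header, several events may share one POST body, and HEC answers {"text": "Success", "code": 0} on acceptance. The sample findings, the environment variable names and the SPL search helper are this example's assumptions.

```python
"""Scripted export of NEURO findings to Splunk HEC (added example, not NEURO's code).

Assumes the HEC envelope shown under Event Format (event / sourcetype / index) and
the standard Splunk HEC conventions: POST to /services/collector/event with the
header 'Authorization: Splunk <token>'. SAMPLE_FINDINGS is constructed test data.
"""
import json
import os
import urllib.request

HEC_EVENT_PATH = "/services/collector/event"
REQUIRED_FIELDS = ("finding_id", "title", "severity", "status")

# Constructed sample findings in the shape NEURO exports; not real data.
SAMPLE_FINDINGS = [
    {"finding_id": "3f2c9a4e-1111-4c0d-9d5b-0a1b2c3d4e5f", "title": "SQL Injection",
     "severity": "critical", "status": "open", "project": "Web App Assessment",
     "client": "Acme Corp", "cvss_score": 9.8, "cve_ids": ["CVE-2024-1234"],
     "affected_assets": ["https://example.com/api"]},
    {"finding_id": "7b8d0e1f-2222-4a6c-8e9f-5a6b7c8d9e0f", "title": "Missing HSTS header",
     "severity": "low", "status": "open", "project": "Web App Assessment",
     "client": "Acme Corp", "cvss_score": 3.1, "affected_assets": ["https://example.com"]},
]


def build_hec_event(finding, index="neuro_findings", sourcetype="neuro:finding"):
    """Wrap one finding in the HEC envelope; refuse findings that lack core fields."""
    missing = [k for k in REQUIRED_FIELDS if k not in finding]
    if missing:
        raise ValueError(f"finding missing required fields: {missing}")
    return {
        "event": {
            "finding_id": finding["finding_id"],
            "title": finding["title"],
            "severity": finding["severity"],
            "status": finding["status"],
            "project": finding.get("project"),
            "client": finding.get("client"),
            "cvss_score": finding.get("cvss_score"),
            "cve_ids": list(finding.get("cve_ids") or []),
            "affected_assets": list(finding.get("affected_assets") or []),
        },
        "sourcetype": sourcetype,
        "index": index,
    }


def build_hec_batch(findings, **envelope):
    """HEC takes many events in one POST as back-to-back JSON objects, not an array."""
    return "".join(json.dumps(build_hec_event(f, **envelope)) for f in findings)


def hec_request(hec_url, token, body):
    """Build the POST without sending it; insist on HTTPS because the token is a header."""
    if not hec_url.lower().startswith("https://"):
        raise ValueError("HEC URL must be https://")
    return urllib.request.Request(
        hec_url.rstrip("/") + HEC_EVENT_PATH,
        data=body.encode("utf-8"),
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
        method="POST",
    )


def export_findings(hec_url, token, findings):
    """Send one batch; HEC answers {"text": "Success", "code": 0} when it accepts it."""
    req = hec_request(hec_url, token, build_hec_batch(findings))
    with urllib.request.urlopen(req, timeout=10) as resp:  # TLS cert verified by default
        return json.load(resp)


def spl_quote(value):
    """Quote a value for an SPL search so it cannot alter the query structure."""
    return '"' + str(value).replace("\\", "\\\\").replace('"', '\\"') + '"'


def spl_open_findings(severity, index="neuro_findings"):
    """SPL to run over the exported events: open findings of one severity per client."""
    return (f'index={spl_quote(index)} sourcetype="neuro:finding" status=open '
            f'severity={spl_quote(severity)} | stats count by client, project, title')


if __name__ == "__main__":  # real run: HEC URL and token come from the environment
    print(export_findings(os.environ["SPLUNK_HEC_URL"], os.environ["SPLUNK_HEC_TOKEN"],
                          SAMPLE_FINDINGS))
```

Two things to check after the first export: if the nested fields (severity, client, cve_ids) do not appear as search-time fields for the neuro:finding sourcetype, set KV_MODE = json for that sourcetype in props.conf; and because the envelope carries no top-level time field, Splunk stamps each event with its receipt time, so add one (epoch seconds) if searches must use the finding's own time.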
Splunk Search
Search Splunk from within NEURO:
- Go to Settings → Integrations → SIEM
- Click Search Splunk
- Enter SPL query
- View results
Event Format
Findings are exported as JSON events in the HEC envelope: the finding fields sit under event, and sourcetype and index tell Splunk how to parse and where to store them:

```json
{
  "event": {
    "finding_id": "uuid",
    "title": "SQL Injection",
    "severity": "critical",
    "status": "open",
    "project": "Web App Assessment",
    "client": "Acme Corp",
    "cvss_score": 9.8,
    "cve_ids": ["CVE-2024-1234"],
    "affected_assets": ["https://example.com/api"]
  },
  "sourcetype": "neuro:finding",
  "index": "neuro_findings"
}
```

Elasticsearch Integration
Export findings to Elasticsearch for indexing and visualization with Kibana.
Requirements
- Elasticsearch cluster (7.x or 8.x)
- Write access to the target index (an API key or user with the create_index and write index privileges on it; prefer an API key scoped to that index over a user password)
- Network connectivity from NEURO to the cluster (9200 by default), over HTTPS
Configuration
- Configure in NEURO
  - Go to Settings → Integrations → SIEM
  - Select Elasticsearch
  - Enter the cluster URL (e.g., https://elastic.example.com:9200)
  - Enter authentication (API key or username/password)
  - Click Test Connection
  - Click Save
Creating Indexes
Create an index with proper mappings:
- Go to Settings → Integrations → SIEM
- Click Create Index
- Enter index name
- NEURO creates the index with appropriate field mappings
Exporting Findings
- Go to the Findings page
- Select findings to export
- Click Export → Elasticsearch
- Choose index
- Click Export
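The Creating Indexes and Exporting Findings steps above, done from a script rather than the UI, as an added example that is not NEURO's own code. It uses the field set shown under Document Format, but the mapping types are this example's choices (keyword for exact-match fields, text for title, float and date where appropriate), not the mapping NEURO itself creates. It relies on the standard Elasticsearch REST APIs: PUT /<index> with a mappings body, POST /_bulk with NDJSON, and the Authorization: ApiKey header. The sample findings and environment variable names are constructed.

```python
"""Create a mapped index and bulk-index NEURO findings into Elasticsearch.

Added example, not NEURO's own code. The field set is the one shown under
Document Format; the mapping types are this example's choices, not the mapping
NEURO creates. Uses the standard Elasticsearch REST APIs (PUT /<index> with a
mappings body, POST /_bulk with NDJSON, ApiKey authorization header).
SAMPLE_FINDINGS is constructed test data.
"""
import json
import os
import urllib.request

# keyword: exact match, filterable and aggregatable in Kibana; text: full-text search.
INDEX_MAPPING = {"mappings": {"properties": {
    "finding_id": {"type": "keyword"},
    "title": {"type": "text", "fields": {"raw": {"type": "keyword"}}},
    "severity": {"type": "keyword"},
    "status": {"type": "keyword"},
    "project_id": {"type": "keyword"},
    "project_name": {"type": "keyword"},
    "client_name": {"type": "keyword"},
    "cvss_score": {"type": "float"},
    "cve_ids": {"type": "keyword"},
    "cwe_ids": {"type": "keyword"},
    "affected_assets": {"type": "keyword"},
    "created_at": {"type": "date"},
    "updated_at": {"type": "date"},
    "@timestamp": {"type": "date"},
}}}

# Constructed sample findings; the second lacks @timestamp and cwe_ids on purpose.
SAMPLE_FINDINGS = [
    {"finding_id": "3f2c9a4e-1111-4c0d-9d5b-0a1b2c3d4e5f", "title": "SQL Injection",
     "severity": "critical", "status": "open", "project_id": "b5e1c2d3-3333-4e5f-8a9b-0c1d2e3f4a5b",
     "project_name": "Web App Assessment", "client_name": "Acme Corp", "cvss_score": 9.8,
     "cve_ids": ["CVE-2024-1234"], "cwe_ids": ["CWE-89"],
     "affected_assets": ["https://example.com/api"], "created_at": "2026-01-19T12:00:00Z",
     "updated_at": "2026-01-19T12:00:00Z", "@timestamp": "2026-01-19T12:00:00Z"},
    {"finding_id": "7b8d0e1f-2222-4a6c-8e9f-5a6b7c8d9e0f", "title": "Missing HSTS header",
     "severity": "low", "status": "open", "project_id": "b5e1c2d3-3333-4e5f-8a9b-0c1d2e3f4a5b",
     "project_name": "Web App Assessment", "client_name": "Acme Corp", "cvss_score": 3.1,
     "cve_ids": [], "affected_assets": ["https://example.com"],
     "created_at": "2026-01-19T12:05:00Z", "updated_at": "2026-01-20T09:00:00Z"},
]


def to_document(finding):
    """Normalise one finding: @timestamp falls back to updated_at, list fields are lists."""
    doc = dict(finding)
    doc.setdefault("@timestamp", doc.get("updated_at") or doc["created_at"])
    for key in ("cve_ids", "cwe_ids", "affected_assets"):
        doc[key] = list(doc.get(key) or [])
    return doc


def bulk_pairs(findings, index="neuro_findings"):
    """(action, source) pairs for /_bulk; _id = finding_id so re-exports overwrite."""
    return [({"index": {"_index": index, "_id": f["finding_id"]}}, to_document(f))
            for f in findings]


def bulk_body(findings, index="neuro_findings"):
    """NDJSON: one action line and one source line per finding; trailing newline required."""
    return "".join(json.dumps(a) + "\n" + json.dumps(d) + "\n"
                   for a, d in bulk_pairs(findings, index))


def bulk_failures(response):
    """HTTP 200 from /_bulk does not mean every item succeeded; pull out the failures."""
    if not response.get("errors"):
        return []
    return [i["index"] for i in response["items"] if "error" in i.get("index", {})]


def _request(base_url, path, method, body, api_key, content_type="application/json"):
    if not base_url.lower().startswith("https://"):
        raise ValueError("use https:// so the API key is not sent in clear text")
    return urllib.request.Request(
        base_url.rstrip("/") + path, data=body.encode("utf-8"), method=method,
        headers={"Authorization": f"ApiKey {api_key}", "Content-Type": content_type})


def create_index(base_url, api_key, index="neuro_findings"):
    """PUT /<index> with the mapping; Elasticsearch answers 400 if it already exists."""
    req = _request(base_url, f"/{index}", "PUT", json.dumps(INDEX_MAPPING), api_key)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def export_findings(base_url, api_key, findings, index="neuro_findings"):
    """POST /_bulk and return the items Elasticsearch rejected."""
    req = _request(base_url, "/_bulk", "POST", bulk_body(findings, index), api_key,
                   content_type="application/x-ndjson")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return bulk_failures(json.load(resp))


if __name__ == "__main__":  # real run: cluster URL and API key come from the environment
    url, key = os.environ["ES_URL"], os.environ["ES_API_KEY"]
    create_index(url, key)
    print("rejected:", export_findings(url, key, SAMPLE_FINDINGS))
```

Using finding_id as the document _id is the design choice worth keeping whatever tooling does the export: exporting the same findings twice then updates the existing documents instead of creating duplicates that would double-count in dashboards. Always inspect the errors flag in the bulk response; a mapping conflict on one document is reported per item, not as an HTTP failure.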
Document Format
Findings are indexed as documents; @timestamp is the field Kibana uses for its time filter:

```json
{
  "finding_id": "uuid",
  "title": "SQL Injection",
  "severity": "critical",
  "status": "open",
  "project_id": "uuid",
  "project_name": "Web App Assessment",
  "client_name": "Acme Corp",
  "cvss_score": 9.8,
  "cve_ids": ["CVE-2024-1234"],
  "cwe_ids": ["CWE-89"],
  "affected_assets": ["https://example.com/api"],
  "created_at": "2026-01-19T12:00:00Z",
  "updated_at": "2026-01-19T12:00:00Z",
  "@timestamp": "2026-01-19T12:00:00Z"
}
```

Kibana Dashboards
Import pre-built Kibana dashboards:
- Download the dashboard JSON from the NEURO docs
- Import it in Kibana → Stack Management → Saved Objects
- Configure the index pattern (called a data view in Kibana 8) to match the index NEURO writes to, with @timestamp as the time field
Use Cases
Security Operations Center
- Real-time finding alerts
- Correlation with other security events
- SLA tracking and escalation
Compliance Reporting
Section titled “Compliance Reporting”- Audit trail of all findings
- Remediation timeline tracking
- Executive dashboards
Threat Intelligence
Section titled “Threat Intelligence”- CVE correlation across systems
- Attack pattern analysis
- Trend identification
Next: API Integration