Splunk® InfoSec App

Installation Guide


Access and install additional apps and add-ons to use the InfoSec app for Splunk

You must install the following supporting Splunk apps and add-ons from Splunkbase before you can use the InfoSec app for Splunk:

Optionally, you can also install the following three apps and add-ons:

The Splunk Security Essentials (SSE) app includes hundreds of additional security searches that you can integrate into the Splunk InfoSec App. The SSE app also includes comprehensive guided data on-boarding examples that can help identify the data sources required to enable the security controls and assist in the configuration of the underlying data source.

The third-party Alert Manager app and Alert Manager add-on provide an incident management capability with simple workflows to support the management of triggered alerts from within the Splunk InfoSec app.

For more information on installing and configuring the SSE app, see the Splunk Security Essentials app documentation. For more information on installing and configuring the Alert Manager app, see the Alert Manager documentation.

You can install any of these apps within Splunk Cloud except the Splunk Common Information Model (CIM) app.

Access the additional apps or add-ons

Follow these steps to access the additional apps or add-ons in your Splunk Cloud or Splunk Enterprise environment:

Steps

  1. Log in to your Splunk environment with an account that has administrative privileges.
  2. In Splunk Web, select the App menu in the menu bar.
  3. Click Find More Apps.
  4. Type the name of the app or add-on in the search bar.
    The app is listed as one of the available apps for installation.

Install the additional app or add-on

Follow these steps to install the additional app or add-on in your Splunk Cloud or Splunk Enterprise environment:

  1. In your Splunk platform instance, click Install next to the additional app or add-on name.
  2. Log in with the credentials that you use to log in to the Splunk Support Portal on the www.splunk.com website or to Splunkbase.
  3. Confirm that the additional app or add-on is installed by selecting the app or add-on from the app menu.

You are ready to configure the InfoSec app. Next, confirm the health of the Splunk InfoSec app. See Confirm the health of the Splunk InfoSec app.

Last modified on 25 February, 2021

This documentation applies to the following versions of Splunk® InfoSec App: 1.6.4, 1.7.0

