Access and install additional apps and add-ons to use the InfoSec app for Splunk
You must install the following supporting Splunk apps and add-ons from Splunkbase before you can use the InfoSec app for Splunk:
- Splunk Common Information Model (CIM)
- Punchcard visualization
- Force Directed app for Splunk
- Lookup File Editor
  A requirement for the InfoSec app versions 1.5 and higher.
- Splunk Sankey Diagram visualization
  An optional prerequisite for the experimental VPN Access dashboard version 1.5.3 and higher.
Optionally, you can also install the following three apps and add-ons:
The Splunk Security Essentials (SSE) app includes hundreds of additional security searches that you can integrate into the Splunk InfoSec App. The SSE app also includes comprehensive guided data on-boarding examples that can help identify the data sources required to enable the security controls and assist in the configuration of the underlying data source.
The third-party Alert Manager app and Alert Manager add-on provide an incident management capability with simple workflows to support the management of triggered alerts from within the Splunk InfoSec app.
For more information on installing and configuring the SSE app, see the Splunk Security Essentials app documentation. For more information on installing and configuring the Alert Manager app, see the Alert Manager documentation.
You can install any of these apps within Splunk Cloud except the Splunk Common Information Model (CIM) app.
Access the additional apps or add-ons
Follow these steps to access the additional apps or add-ons in your Splunk Cloud or Splunk Enterprise environment:
Steps
- Log in to your Splunk environment with an account that has administrative privileges.
- In Splunk Web, select the App menu in the menu bar.
- Click Find More Apps.
- Type the name of the app or add-on in the search bar.
The app is listed as one of the available apps for installation.
Install the additional app or add-on
Follow these steps to install the additional app or add-on in your Splunk Cloud or Splunk Enterprise environment:
- In your Splunk platform instance, click Install next to the additional app or add-on name.
- Log in with the credentials that you use to log in to the Splunk Support Portal on the www.splunk.com website or Splunkbase.
- Confirm that the additional app or add-on is installed by selecting the app or add-on from the app menu.
You are ready to configure the InfoSec app. Proceed to confirm the health of the Splunk InfoSec app. See Confirm the health of the Splunk InfoSec app.
This documentation applies to the following versions of Splunk® InfoSec App: 1.6.4, 1.7.0