Splunk® Quick Start Bundles


Splunk Quick Start Bundle for Security Investigation - Endpoint

Splunk Quick Start Bundles are offerings you can purchase through Splunk Sales. Each bundle includes a Splunk Enterprise license, Splunk Education units, ticket(s) to .conf, and a fixed quantity of Splunk Professional Services work. Bundles can also include recommendations for specific apps and add-ons you may wish to download and install.

Access the data sheet or contact Splunk Sales to learn more about this Splunk Quick Start Bundle.

Installation Overview

If you have purchased the Splunk Quick Start Bundle for Security Investigation - Endpoint, follow these instructions for a smooth deployment.

  1. Look for an email from Splunk Order Management. Review the license and components that you have purchased; refer to Components below. Contact your Splunk Sales Representative if your order email is inaccurate.
  2. Prepare your operating environment. Review the Compatibility section and ensure that your operating environment adheres to the specifications.
  3. Review the list of apps and add-ons that your Quick Start Bundle recommends installing.
  4. Contact your Splunk Sales Representative to arrange a call with a Splunk Customer Success Manager (CSM).
  5. With the CSM, schedule a kick-off call and arrange for a remote deployment engagement with a Professional Services Engineer. Prepare any questions you might have for your Professional Services Engineer.
  6. Follow the advice of the CSM and prepare all information required for your remote deployment engagement.
  7. Attend your remote deployment engagement. Work with your Splunk Professional Services Engineer on your scheduled date(s).
  8. After the Professional Services Engineer has completed your deployment, review the additional sections in this documentation to learn more about your Quick Start Bundle. Direct any of your questions to Splunk Customer Support.


Components

Splunk Enterprise term license   Professional Services (days)   Customer Success Manager (days)   Education units   .conf passes
20 GB/day                        3                              1                                 10                1
50 GB/day                        4                              1                                 20                1
100 GB/day                       5                              1                                 20                2

Your Splunk Enterprise term license includes Splunk Customer Support.

Compatibility

The Splunk Quick Start Bundle for Security Investigation - Endpoint is compatible with the following Splunk products.

Splunk Enterprise 6.5.x or later

Single-instance deployment only

Splunk Cloud not compatible


Professional Services remote deployment engagement

This Quick Start Bundle includes the services of a Splunk Professional Services Engineer and Customer Success Manager. They work with you to complete the following tasks:

  1. Conduct a remote deployment engagement kick-off call.
  2. Conduct an architecture planning session.
  3. Install and configure your single instance of Splunk Enterprise.
  4. Deploy up to eight apps and add-ons and set up rsyslog.
  5. Validate that your instance is collecting data properly.
  6. Time permitting, offer insight in exploring your data.
  7. Conduct a follow-up call (CSM only).

Consult your quote for more details about your Splunk Professional Services engagement.

Redeem Splunk Education units

Following your order confirmation, you will receive an email from Splunk which includes a PDF attachment titled “Elearning agreement”. This document provides you with the instructions for redeeming your Education Units.


Obtain .conf passes

Contact your Splunk Sales Representative or the Splunk reseller from whom you purchased the bundle to obtain the .conf passes included with your bundle.


Download, install, and configure apps and add-ons

The licenses that this bundle includes enable you to use several Splunk apps and add-ons. Install and configure the apps and add-ons individually.

1. From Splunkbase, download as many of the apps and add-ons listed in the table in step 2 as you like.

Alternatively, you can browse and install apps and add-ons from within your instance of Splunk Enterprise. See Where to get more apps and add-ons in the Admin Manual.


2. Install each app and add-on individually on your instance of Splunk Enterprise.

App or add-on                           Installation instructions
Splunk Add-on for Bit9 Carbon Black     a. Install an add-on in a single-instance Splunk Enterprise deployment
                                        b. Download and run the Carbon Black Event Forwarder utility
CylancePROTECT App for Splunk           This is a Developer Supported product. Refer to Overview on Splunkbase.
ForeScout Technology Add-on for Splunk  This is a Developer Supported product. Refer to Details on Splunkbase.
ForeScout App for Splunk v2.5           This is a Developer Supported product. Refer to Details on Splunkbase.
Splunk Add-on for Windows               Install the Splunk Add-on for Windows
Add-on for Microsoft Sysmon             This is a Community Supported product. Refer to Details on Splunkbase.
Tanium Splunk Application               This is a Developer Supported product. Refer to Details on Splunkbase.
TA-Ziften                               This is a Developer Supported product. Refer to Details on Splunkbase.


3. Follow the configuration instructions for each app and add-on to set up each product individually and start getting data into your Splunk Enterprise instance.

App or add-on                           Configuration instructions
Splunk Add-on for Bit9 Carbon Black     Configure monitor inputs for the Splunk Add-on for Bit9 Carbon Black
CylancePROTECT App for Splunk           This is a Developer Supported product. Refer to Overview on Splunkbase.
ForeScout Technology Add-on for Splunk  This is a Developer Supported product. Refer to Details on Splunkbase.
ForeScout App for Splunk v2.5           This is a Developer Supported product. Refer to Details on Splunkbase.
Splunk Add-on for Windows               Configure the Splunk Add-on for Windows
Add-on for Microsoft Sysmon             This is a Community Supported product. Refer to Details on Splunkbase.
Tanium Splunk Application               This is a Developer Supported product. Refer to Details on Splunkbase.
TA-Ziften                               This is a Developer Supported product. Refer to Details on Splunkbase.

Contact Splunk Customer Support

Following your order confirmation, you will receive an email from Splunk which includes a PDF attachment titled “Welcome to Splunk Enterprise Support”. This document provides you with the instructions for contacting Splunk Customer Support if you need help after your remote deployment engagement.


This documentation applies to the following versions of Splunk® Quick Start Bundles: 1.0.0
