Splunk UBA installation checklist
Install Splunk UBA with assistance from Splunk Professional Services.
You can unify your security operations lifecycle by using Splunk Enterprise Security (ES) in conjunction with Splunk UBA. The combined solution provides a centralized view that can help SOC teams quickly respond to prioritized, high-fidelity threats. See Splunk for Advanced Analytics and Threat Detection.
Checklist of tasks to install Splunk UBA
Use this checklist if you are a new Splunk UBA customer installing a Splunk UBA platform release for the first time. See About Splunk User Behavior Analytics and release types for information about how to determine if your Splunk UBA release is a platform release.
If you are an existing customer and want to upgrade to a more recent version of Splunk UBA, see How to install or upgrade to this release of Splunk UBA for upgrade instructions.
Perform all tasks in the table in the order that they are listed.
Number | Task | Description | Documentation |
---|---|---|---|
1 | Review known issues | Review the known issues reported in this Splunk UBA release. | See Known issues in Splunk UBA in the Splunk User Behavior Analytics Release Notes. |
2 | Verify sizing | You can install Splunk UBA in a single-server deployment or in a distributed deployment. All servers must meet the system requirements. Verify that the planned architecture of the system meets the requirements for the desired EPS and number of accounts, devices, and data sources. | See Scaling your Splunk UBA deployment in the Plan and Scale your Splunk UBA Deployment manual. |
3 | Verify hardware requirements | Verify hardware requirements such as the minimum IOPS of the storage subsystem, and the disk space and RAM on all nodes. | See Hardware requirements. |
4 | Verify operating system requirements | Verify that your system is running a supported operating system. Automatic OS updating must be turned off on all nodes. Installing Splunk UBA on hardened operating systems is not supported. | See Operating system requirements. |
5 | Verify permissions | Verify that you are able to log in to each node and that root account permissions exist. | See User access requirements. |
6 | Verify networking requirements | Verify networking requirements such as node connectivity, port availability, IP address assignments, and DNS configuration. | See Networking requirements. |
7 | Configure host name lookup and DNS | Configure the host name lookup and DNS settings in your environment so that all Splunk UBA nodes can communicate with each other. | See Configure host name lookup and DNS. |
8 | Verify Splunk platform user account requirements | A properly configured Splunk user account is required to send data from the Splunk platform to Splunk UBA. | See Requirements for connecting to and getting data from the Splunk platform. |
9 | Install Splunk UBA | Perform any remaining platform-specific tasks that are needed, and then download and install the Splunk UBA software. | See Install Splunk User Behavior Analytics. |
10 | Verify the installation | Open a supported web browser and log in to the public IP address with admin credentials to confirm a successful installation. | See Verify successful installation. |
Next steps after installing Splunk UBA
Perform the tasks summarized in the table after Splunk UBA is successfully installed.
Number | Task | Description | Documentation |
---|---|---|---|
1 | Secure the default account | Change the password for the default admin account, and optionally restrict sudo access. | See Secure the default account after installing Splunk UBA. |
2 | Configure Splunk UBA | Perform additional tasks to configure Splunk UBA: | |
3 | Administer Splunk UBA | Administer user accounts and monitor the health of your deployment. | |
4 | Add data to Splunk UBA | After Splunk UBA is installed and configured, add human resources (HR) data and assets data from the Splunk platform as your first data sources. | See Which data sources do I need? in the Get Data into Splunk User Behavior Analytics manual. |
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.4.0, 5.4.1