Install and configure Splunk Connect for Mission Control
Get data into behavioral analytics service and Splunk Mission Control from Splunk Enterprise Security (ES) on Splunk Cloud Platform with Splunk Connect for Mission Control.
Work with Splunk Support to install Splunk Connect for Mission Control on your Splunk ES search head on Splunk Cloud Platform.
- You must install and set up Splunk ES on Splunk Cloud Platform before you can install Splunk Connect for Mission Control.
- Verify the installation requirements for Splunk Connect for Mission Control, such as compatible product versions and network ports that must be open. See Installation requirements for Splunk Connect for Mission Control in the Get Data into Splunk Mission Control manual.
- Install Splunk Connect for Mission Control. You can use the instructions in Install Splunk Connect for Mission Control in the Get Data into Splunk Mission Control manual.
Perform the following tasks after Splunk Connect for Mission Control is installed:
- Disable the modular input named "Enable/Disable Splunk Connect for Mission Control's ingestion components" on all search heads to prevent assets and identities from being exported every 15 minutes instead of every 24 hours.
- Make sure the Behavior Analytics - Forward Risk Data Model Events - Ingestion search is enabled.
Next Step: See Import assets and identities data from Splunk ES on Splunk Cloud Platform into behavioral analytics service.
Limits
- The export limit for assets and identities data is 1 million entities, even if you have more than 1 million entities.
- The export frequency advertised today is 24 hours. However, customers can trigger an export by disabling and then enabling the exporters. As part of these changes, exports are not allowed within a 4-hour interval, even if the customer disables and re-enables the exporters.
This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.0