Access and install the InfoSec app for Splunk
The InfoSec app for Splunk is a free app for the Splunk platform that you can download and install into your Splunk environment from Splunkbase. For more information on the prerequisites to install the InfoSec app, see Prerequisites to install the InfoSec app for Splunk.
The process to access the InfoSec app is different for Splunk Cloud than it is for Splunk Enterprise.
Access the InfoSec app on Splunk Cloud
You cannot install the InfoSec app when using an Inputs Data Manager (IDM). IDM is a heavy forwarder that Splunk Cloud provides to assist with the collection of event data from cloud-based services like AWS, Azure, and so on. If you use Microsoft 365, AWS, or other cloud service data sources in your Splunk environment, you must install technology add-ons on the IDM through a support request. You can open a support request with Customer Support and request that the InfoSec app be installed on the search head.
If you are using the Common Information Model (CIM) app along with the InfoSec app for Splunk, you must also open a support request to install the CIM app.
Follow these steps to access the InfoSec app on Splunk Cloud:
- Log into your Splunk environment with an account that has administrative privileges.
  If you are a new Splunk Cloud customer, you see two instances:
  https://<stackname>.splunkcloud.com
  https://idm-<stackname>.splunkcloud.com
  https://<stackname>.splunkcloud.com is the primary Splunk environment where you must install the InfoSec app.
- Log into https://idm-<stackname>.splunkcloud.com.
- In Splunk Web, select the app menu in the menu bar.
- Click Find More Apps.
- Type "Infosec app for Splunk". The "InfoSec App for Splunk" is listed as one of the available apps for you to install.
Access the InfoSec app on Splunk Enterprise
Follow these steps to access the Splunk InfoSec app on Splunk Enterprise:
- Log into your Splunk environment with an account that has administrative privileges.
- In Splunk Web, select the app menu in the menu bar.
- Click Find More Apps.
- Type "Infosec app for Splunk". The "InfoSec App for Splunk" is listed as one of the available apps for you to install.
Install the InfoSec app for Splunk
If you have a larger distributed Splunk Enterprise environment, you only need to install the InfoSec app on the search head. You need not install the InfoSec app on the indexers. If your Splunk environment also includes search head clusters, you must use the deployer to push the app out to all the cluster peers. For more information on using the deployer to install the app, see Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search Manual.
For more information on the prerequisites to install the InfoSec app, see Prerequisites for installing the InfoSec app for Splunk.
Follow these steps to install the InfoSec app to your Splunk Cloud or Splunk Enterprise deployment:
- In your Splunk platform instance, click Install next to InfoSec App for Splunk.
- Log in with the credentials that you use to log in to Splunk Support Portal on www.splunk.com or Splunkbase.
  Login credentials are not the same as your Splunk platform instance account login. To set up a www.splunk.com account, see Sign up for a splunk.com account.
- To confirm that the InfoSec app is installed, click InfoSec app for Splunk from the App menu.
Next steps
You might see a few errors on the InfoSec app dashboard. These errors occur because you need to take further steps to install the additional apps and add-ons before you can use the InfoSec app.
Proceed to install the additional apps and add-ons to use the InfoSec app. See Install additional apps and add-ons to use the Splunk InfoSec app.
This documentation applies to the following versions of Splunk® InfoSec App: 1.6.4, 1.7.0