Install the Splunk App for Splunk Attack Analyzer
You can install the Splunk App for Splunk Attack Analyzer on Splunk Cloud Platform, or you can install it on Splunk Enterprise in a single-instance or distributed environment.
The Splunk App for Splunk Attack Analyzer doesn't interfere with or impact Splunk Enterprise Security. You can safely install the Splunk App for Splunk Attack Analyzer on a Splunk Enterprise Security search head or search head cluster.
Prerequisites
- Purchase Splunk Attack Analyzer.
You must purchase Splunk Attack Analyzer to use the app.
- Download the Splunk Add-on for Splunk Attack Analyzer from Splunkbase.
- Install and configure the Splunk Add-on for Splunk Attack Analyzer.
- Download the Splunk App for Splunk Attack Analyzer from Splunkbase.
- Check the Splunk App for Splunk Attack Analyzer installation requirements to ensure compatibility. See Installation requirements and version dependencies.
Install on a Splunk Enterprise single-instance deployment
In a single-instance deployment, you can install the Splunk App for Splunk Attack Analyzer on your Splunk Enterprise search head using Splunk Web or a downloaded file.
Install the app using Splunk Web
- Log in to your Splunk Enterprise search head.
- In the Applications menu, select Find More Apps.
- On the Browse More Apps page, select or search for the Splunk App for Splunk Attack Analyzer and select Install.
- Enter your splunk.com credentials.
- Accept the license terms.
- Select Login and Install.
- Select Done.
- Restart Splunk Enterprise to complete the installation.
Install the app from a downloaded file
- Log in to splunkbase.splunk.com.
- Search for and download the Splunk App for Splunk Attack Analyzer and save it to an accessible location.
- Log in to your Splunk Enterprise search head.
- On the Apps menu, select Manage Apps.
- On the Apps page, select Install app from file.
- On the Upload app page, select the Choose file button and locate the app in your files.
- Select Upload.
- Select Done.
- Restart Splunk Enterprise to complete the installation.
Install on a Splunk Enterprise distributed deployment
In a distributed deployment, install the Splunk App for Splunk Attack Analyzer on search heads only. This app is safe to install in large clusters because it has no impact on indexers. For installation instructions, see Install an add-on in a distributed Splunk Enterprise deployment in the Splunk Supported Add-ons manual.
Install on Splunk Cloud Platform
You can install the Splunk App for Splunk Attack Analyzer on your Splunk Cloud Platform deployment. For more information, see Install apps in your Splunk Cloud Platform deployment in the Splunk Cloud Platform Admin Manual.
Next step
Configure macros in the Splunk App for Splunk Attack Analyzer.
This documentation applies to the following versions of Splunk® App for Splunk Attack Analyzer: 1.0.0, 1.1.0, 1.1.1, 1.2.0