Splunk Enterprise Security Suite Installation
This post covers how to install the Splunk premium app “Splunk Enterprise Security”, this is just not an app rather it’s a collection of Splunk apps.
If you need any help with the Splunk Enterprise installation, check the link below,
https://splunkonbigdata.com/how-to-install-splunk-on-linux-server/
Since, Splunk ES is a premium solution it’s not available for free trial as the Splunk Enterprise but Splunk offers a free cloud trial for 7 days which can be availed after creating a Splunk account.
CAUTION: Before you proceed with the installation, please have a look at the Splunk’s product compatibility matrix at –
https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/CompatMatrix
Step 1: On your Splunk Search head Navigate to Manage Apps >> Install app from file and upload the Splunk Enterprise Security App.
Step 2: Once the Installation is successful, click on the Set up now
Step 3: From the list of available add-ons , exclude the ones you don’t need and disable the ones that you want to install now but plan to use in future, click on start configuration.
Once the configuration process is complete click on the Restart Splunk button to finish the installation.
NOTE: The different TA(s) that come with the Splunk ES suite are related to different technologies and help you leverage the integrations of these technologies with splunk, in case you are in doubt about some TA please exclude it as you can always download these TA(s) from splunkbase, the repository of all splunk app and add-ons.
https://splunkbase.splunk.com/
Step 4: After restarting Splunk move to the Enterprise Security app, you should see a screen as below, that means the configuration was successful.
Click on the Home to open the Splunk ES home page.
That’s it the Splunk ES is ready for action and to give a boost to your company’s security operations.
Happy Splunking!!
