https://community.splunk.com/t5/Security/Splunk-SIEM-license/m-p/556129#M12336 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/235516">@Nikolozts</a>,</P><P>I use Windows only on my pc for test, never for production systems.</P><P>About requirements, you can see at&nbsp;<A href="https://docs.splunk.com/Documentation/ES/6.5.1/Install/DeploymentPlanning" target="_blank">https://docs.splunk.com/Documentation/ES/6.5.1/Install/DeploymentPlanning</A>&nbsp;</P><P>But Anyway, I continue to hint to call a Splunk Partner for the Demo, otherwise you risk to not correctly evaluate ES, if you don't know anyone, contact me with a private message.</P><P>In addition, using a demo environment, you already have many log sources to see how ES works, in your lab, you have to ingest logs before to start to install ES and, if you haven't experience on Splunk, it could be a long job.</P><P>You have to:</P><UL><LI>prepare Server,</LI><LI>install Splunk Enterprise,</LI><LI>install Universal Forwarder (Splunk Agent) on servers,</LI><LI>open firewall routes,</LI><LI>configure them,</LI><LI>configure syslogs from appliances,</LI><LI>install and configure Technical Add-Ons on Splunk Enterprise,</LI><LI>install Splunk ES and its modules,</LI><LI>configure it,</LI><LI>activate Data Models and Correlation Searches.</LI></UL><P>An expert could do the work in few days (except firewall routes, agents and syslogs), if you aren't an expert it surely will be a longer work.</P><P>Ciao.</P><P>Giuseppe</P> Thu, 17 Jun 2021 07:32:38 GMT gcusello 2021-06-17T07:32:38Z https://community.splunk.com/t5/Security/Splunk-SIEM-license/m-p/556100#M12330 <P>Hello,</P><P>I have PoC.&nbsp;<SPAN>&nbsp;I wonder where I could find the documentation and videos about installation, administration, system requirements and licensing of Splunk SIEM. I have no experience in installing or configuration it. I interesing in how to work splunk siem? How collect logs and events? How it is licensed? I searched some information and see 30gb/day I confused this is all events and log size daily?&nbsp;I am ready to receive all information and recommendations about splunk SIEM</SPAN></P> Thu, 17 Jun 2021 06:04:09 GMT https://community.splunk.com/t5/Security/Splunk-SIEM-license/m-p/556100#M12330 Nikolozts 2021-06-17T06:04:09Z https://community.splunk.com/t5/Security/Splunk-SIEM-license/m-p/556104#M12331 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/235516">@Nikolozts</a>,</P><P>I can confirm, from my experience, that Splunk Enterprise Security (the Splunk SIEM) is one of the best SIEM on the market, and Gartner confirm my idea.</P><P>Installation isn't so immediate, because you have to install Splunk Enterprise (easy!) and then Splunk ES with all its modules, then you have to configure it .</P><P>I hint to ask to a Splunk partner (if you are in Italy or near I can propose myself) to make a demo ti you and then open a demo environment on Splunk Cloud.</P><P>Anyway, on youtube you can find some videos about this:</P><P><A href="https://www.youtube.com/watch?v=KoIY-_2ItSc&amp;pp=ugMICgJpdBABGAE%3D" target="_blank">https://www.youtube.com/watch?v=KoIY-_2ItSc&amp;pp=ugMICgJpdBABGAE%3D</A></P><P><A href="https://www.youtube.com/watch?v=IA2QwdpCm74&amp;pp=ugMICgJpdBABGAE%3D" target="_blank">https://www.youtube.com/watch?v=IA2QwdpCm74&amp;pp=ugMICgJpdBABGAE%3D</A></P><P><A href="https://www.youtube.com/watch?v=9D00ysP5Hbg&amp;t=646s" target="_blank">https://www.youtube.com/watch?v=9D00ysP5Hbg&amp;t=646s</A></P><P><A href="https://www.youtube.com/watch?v=HN4zGIyi3PI" target="_blank">https://www.youtube.com/watch?v=HN4zGIyi3PI</A></P><P><A href="https://www.youtube.com/watch?v=h2_MiD9OC_8&amp;list=PLxkFdMSHYh3Qx3Ct9ZzeL7accYO2rE_ZB" target="_blank">https://www.youtube.com/watch?v=h2_MiD9OC_8&amp;list=PLxkFdMSHYh3Qx3Ct9ZzeL7accYO2rE_ZB</A></P><P><A href="https://www.youtube.com/watch?v=M1JXeQTiQBQ&amp;pp=ugMICgJpdBABGAE%3D" target="_blank">https://www.youtube.com/watch?v=M1JXeQTiQBQ&amp;pp=ugMICgJpdBABGAE%3D</A></P><P>About your questions:</P><P>Splunk Enterprise collect every kind of logs,</P><P>using some own modules (called Technical Add-Ons) parse these logs and normalize them in CIM format,</P><P>Splunk ES takes these logs, correlate and use them into some Use Cases,</P><P>there are around 300 Use Cases already ready, then you can create your own Use Cases.</P><P>Both Splunk Enterprise and Splunk ES are licensed based on the logs daily indexed, you have to buy both a license for Splunk Enterprise and Splunk ES,</P><P>The volume of daily indexed logs depends on the perimeter to monitor: how many servers, firewalls, proxies, is there packet capure, are there application logs, etc...?</P><P>Here you can find all the information about ES:&nbsp;<A href="https://docs.splunk.com/Documentation/ES/6.5.1/User/Overview" target="_blank">https://docs.splunk.com/Documentation/ES/6.5.1/User/Overview</A></P><P>Ciao.</P><P>Giuseppe</P> Thu, 17 Jun 2021 06:24:37 GMT https://community.splunk.com/t5/Security/Splunk-SIEM-license/m-p/556104#M12331 gcusello 2021-06-17T06:24:37Z https://community.splunk.com/t5/Security/Splunk-SIEM-license/m-p/556105#M12332 <P>Hi<BR />If you have limited time and resources for this PoC, I propose that contact to your nearest Splunk Partner and ask that they could help you with it. I suppose that this will be the most cost efficient way to do it.</P><P><A href="https://partners.splunk.com/locator/" target="_blank">https://partners.splunk.com/locator/</A></P><P>r. Ismo</P> Thu, 17 Jun 2021 06:25:56 GMT https://community.splunk.com/t5/Security/Splunk-SIEM-license/m-p/556105#M12332 isoutamo 2021-06-17T06:25:56Z https://community.splunk.com/t5/Security/Splunk-SIEM-license/m-p/556125#M12335 <P>Thank you very much for the quick reply. I will look carefully at the links provided by you. What are the minimum&nbsp;system recommended requirements and your experience which one is the best operating system for Splunk SIEM? Of course I think about installing it on Linux but which is the fully supported system?&nbsp;Are there any restrictions on Windows system?</P> Thu, 17 Jun 2021 07:20:54 GMT https://community.splunk.com/t5/Security/Splunk-SIEM-license/m-p/556125#M12335 Nikolozts 2021-06-17T07:20:54Z https://community.splunk.com/t5/Security/Splunk-SIEM-license/m-p/556129#M12336 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/235516">@Nikolozts</a>,</P><P>I use Windows only on my pc for test, never for production systems.</P><P>About requirements, you can see at&nbsp;<A href="https://docs.splunk.com/Documentation/ES/6.5.1/Install/DeploymentPlanning" target="_blank">https://docs.splunk.com/Documentation/ES/6.5.1/Install/DeploymentPlanning</A>&nbsp;</P><P>But Anyway, I continue to hint to call a Splunk Partner for the Demo, otherwise you risk to not correctly evaluate ES, if you don't know anyone, contact me with a private message.</P><P>In addition, using a demo environment, you already have many log sources to see how ES works, in your lab, you have to ingest logs before to start to install ES and, if you haven't experience on Splunk, it could be a long job.</P><P>You have to:</P><UL><LI>prepare Server,</LI><LI>install Splunk Enterprise,</LI><LI>install Universal Forwarder (Splunk Agent) on servers,</LI><LI>open firewall routes,</LI><LI>configure them,</LI><LI>configure syslogs from appliances,</LI><LI>install and configure Technical Add-Ons on Splunk Enterprise,</LI><LI>install Splunk ES and its modules,</LI><LI>configure it,</LI><LI>activate Data Models and Correlation Searches.</LI></UL><P>An expert could do the work in few days (except firewall routes, agents and syslogs), if you aren't an expert it surely will be a longer work.</P><P>Ciao.</P><P>Giuseppe</P> Thu, 17 Jun 2021 07:32:38 GMT https://community.splunk.com/t5/Security/Splunk-SIEM-license/m-p/556129#M12336 gcusello 2021-06-17T07:32:38Z