All Apps and Add-ons

Where do I install the various components for the app?

Dworsnop
Path Finder

Hello all, newbie end-user here. ;o)

I am new to using Splunk in a distributed deployment and I'm struggling to work out where to install the components of the Sophos Central App. (I have my API key details in the config.ini file ready to go.)

I have a Heavy Forwarder, Indexer, Licence Master and Deployment server (together) and a Search head.

On what servers do I install/run the siem.py script and where on a Linux box would I extract the files from the Github .zip to?

Then where do I install the Sophos Central app for Splunk? I assume on the Search Head but I believe it needs to be deployed there via the Deployment server.

Any help or signposting would be very helpful.

Thanks in advance

0 Karma
1 Solution

nickhills
Ultra Champion

Hi There, I am the original creator of this app.

I have just posed this notice as Sophos have released their own supported version of this App.

I am unable to easily support the old application as I no longer have access to a Sophos Central Subscription.
Thanks for your support, but your most reliable future path is probably with the new Sophos app as they will be able to better support you today and in the future.

If you have any questions, feel free to ask.
Happy Splunking

Nick

If my comment helps, please give it a thumbs up!

View solution in original post

0 Karma

Dworsnop
Path Finder

Closing this question now. Got the app working without the Github scripts.

Looking to switch to the Sophos App soon instead though.

0 Karma

nickhills
Ultra Champion

Hi There, I am the original creator of this app.

I have just posed this notice as Sophos have released their own supported version of this App.

I am unable to easily support the old application as I no longer have access to a Sophos Central Subscription.
Thanks for your support, but your most reliable future path is probably with the new Sophos app as they will be able to better support you today and in the future.

If you have any questions, feel free to ask.
Happy Splunking

Nick

If my comment helps, please give it a thumbs up!
0 Karma

Dworsnop
Path Finder

Has anyone else experienced the above 404 error with this app?

nickhills
Ultra Champion

Your best bet is to download the package from Splunk base, rather than the github.

Install the app on your searchhead, and if you want to perform the collection separately also on an hf.

If you go for the split approach, you only need to configure the input on the hf, or if you opt for single box deployment, you can config it on the sh.

Just a side note. I no longer work where I have access to sophos, so I can’t easily update things any longer. I will help where I can, but slightly hamstrung 😞

If my comment helps, please give it a thumbs up!
0 Karma

Dworsnop
Path Finder

Nick, thanks for the speedy reply.

Yes, I got your app from Splunkbase but I was under the impression that I needed to run the Sophos-Central-SIEM-Integration Python script (from Github) in order for the events to go into your app?

I installed your app on a search head in a test environment and upon launching I get a 404 for the "Splunk Add-on for Microsoft Windows: Setup" page.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...