Splunk as Patch Management

test_qweqwe
Builder

Hello.
How best to implement patch management in Splunk for Windows/Linux?
Maybe there are some blogs, articles, or apps that can help me.

0 Karma
1 Solution

test_qweqwe
Builder

Perfect! Love u!

0 Karma

richgalloway
SplunkTrust

It's not clear what you mean by "patch management".

Perhaps you want to deploy patches to your Windows and Linux servers. Splunk is not a patch management system. You would need a separate product, like Microsoft SCCM or IBM BigFix, for that.

Perhaps you want to patch Splunk itself. Splunk does not ship patches. New versions of Splunk are released at intervals. To keep your Splunk instances current, install the new versions when they come out. Many shops choose to stay one or two versions behind to avoid unknown bugs.

Perhaps you want to track which patches are installed on your Windows and Linux systems. This is a great use for Splunk. You will, however, need a way to feed Splunk with two lists: 1) the software installed on your systems, including patch identifiers; 2) the software expected to be on those systems, including patch identifiers. Splunk can identify differences between those lists and highlight them for you.

---
If this reply helps you, Karma would be appreciated.
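
The two-list comparison described in the reply above, as an added example that is not part of the original thread or any Splunk app. It is written in Python so it runs stand-alone; the feed layout (`host,patch_id` CSV), the host names and the patch identifiers are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample feeds; hosts and patch identifiers are made up for illustration.
EXPECTED_CSV = """host,patch_id
win-app01,KB0000001
win-app01,KB0000002
lin-web01,openssl-1.1.1k-7
lin-db01,kernel-4.18.0-372
"""
INSTALLED_CSV = """host,patch_id
win-app01,KB0000001
win-app01,KB0000003
lin-web01,openssl-1.1.1k-7
"""

def load(feed_text):
    """Return {host: set(patch_id)} from a CSV feed with host,patch_id columns."""
    by_host = defaultdict(set)
    for row in csv.DictReader(io.StringIO(feed_text)):
        by_host[row["host"].strip().lower()].add(row["patch_id"].strip())
    return by_host

def compare(expected, installed):
    """Return one finding dict per discrepancy between the two lists."""
    findings = []
    for host in sorted(set(expected) | set(installed)):
        if host not in installed:
            # No inventory at all: report it rather than treating the host as compliant.
            findings.append({"host": host, "status": "no_inventory", "patch_id": "*"})
            continue
        for patch in sorted(expected.get(host, set()) - installed[host]):
            findings.append({"host": host, "status": "missing", "patch_id": patch})
        for patch in sorted(installed[host] - expected.get(host, set())):
            findings.append({"host": host, "status": "unexpected", "patch_id": patch})
    return findings

def to_events(findings):
    """Render findings as key=value lines, which Splunk can field-extract at search time."""
    return [" ".join(f'{k}="{v}"' for k, v in f.items()) for f in findings]

if __name__ == "__main__":
    for line in to_events(compare(load(EXPECTED_CSV), load(INSTALLED_CSV))):
        print(line)
```

A host that appears in the expected list but sends no inventory is reported as `no_inventory`, so a silent forwarder does not look like a fully patched system.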

test_qweqwe
Builder

Yea, I need to track which patches are installed on my Windows and Linux systems.
But I really don't know how to realize such a solution, so I asked for some help. Maybe there are already implemented solutions? Maybe some apps?

0 Karma

nikita_p
Contributor

Hi @test_qweqwe,
Could you go through the Splunk docs below?
https://docs.splunk.com/Documentation/PCI/3.4.1/Install/SystemPatchStatus

test_qweqwe
Builder

Yes, I saw this article, but I still do not understand how I can realize it.

0 Karma

richgalloway
SplunkTrust

That article is part of a larger document for the Splunk App for PCI Compliance app. The article by itself is not very helpful - you'd need to read most of the entire document and even then it's of little use without installing the app. One gets the app from Splunk Sales so there may be an extra cost involved.

---
If this reply helps you, Karma would be appreciated.
0 Karma