Improve Your Security Posture in Splunk Enterprise with Splunk Assist

adepp
Splunk Employee

This blog post is part 1 of 4 in a series on Splunk Assist. Click the links below to see the other blog posts.

Are you worried about whether your deployment is secure? Are you tired of keeping track of all security vulnerabilities? What about making sure that your hundreds of certificates are not expired?

You’re not alone!

What is Splunk Assist? 

Splunk Assist is a free, fully managed service that brings the power of Splunk Cloud management insights to Splunk Enterprise deployments, putting your telemetry data to work!

Splunk Assist provides you with a single place to continuously monitor your deployment and take actions on recommendations to improve your security posture.

Admins receive cloud-powered recommendations to change configurations and make necessary updates to Splunkbase apps to enhance security. It helps you identify unpatched applications, expiring TLS certificates, and insecure configuration settings. 

Based on our initial estimates, the insights and recommendations in Assist may help reduce admins’ efforts spent on platform management tasks by 25%. The time saved lets admins spend more time extracting value from Splunk.

[Screenshot: an overview of the Splunk Assist dashboard, which you can find by navigating to the Monitoring Console.]

Splunk Assist comes with three helper packages:

  • App Assist: Monitors the apps in your deployment to ensure they are up-to-date and secure.
  • Certificate Assist: Identifies certificate expiry issues and suggests actions to mitigate certificate expirations according to Splunk security best practice.
  • Config Assist: Monitors the configurations in your deployment and provides insights about those configurations according to Splunk best practices.

How Do I Set Up Splunk Assist? 

Splunk Assist operates as part of the Monitoring Console. It comes with Splunk Enterprise version 9.0 and higher, and you do not have to download or install anything to use it. 

There are four easy steps to enable Assist for your deployment (see How to configure Splunk Assist for more details):

  1. Enable support usage data (SUD): Assist needs SUD to collect the telemetry data it uses to provide custom insights. For information on how Splunk uses usage data and how to opt into sharing that data for use by Splunk Assist, see Share performance and usage data.
  2. Update network settings: Open port 443 and allow outbound traffic to *.scs.splunk.com.
  3. Configure the Cloud Monitoring Console (CMC), if you have not already (multi-instance deployment setup steps).
  4. Enable Assist: Click the "Turn on Splunk Assist" button and you’re good to go!

Questions or feedback? Contact the team at ssg-splunk-assist@splunk.com.

— Baylie Depp, Product Marketing Manager
