Splunk Enterprise Security

Having some doubts about Updating Splunk Apps

zacksoft_wf
Contributor

I have some doubts about Updating Splunk Apps.

1. The Splunk apps that come pre-built/packed with Enterprise Security, such as Extreme Search, RapidDiag, Splunk AddOn for UEBA, etc.: do they automatically get updated to a newer version? Also, I can't find them on Splunkbase.

2. The apps that come packaged with Splunk, do they show like regular apps when searched under the 'Manage App' option? Is there any way, by looking at it, to know if the app is built into Splunk, downloaded separately from Splunkbase, or developed by an in-house team?



0 Karma

Stefanie
Builder

1. Yes, those apps that come with Splunk Enterprise Security will be updated after you install a new version of Enterprise Security and then run through the Configuration pages.

 

2. Yes. Your best bet to find out if an app is built into Splunk is by looking at the version number. The version number is the same as the version number of your Splunk Enterprise installation.

0 Karma

zacksoft_wf
Contributor

Thanks @Stefanie for the response.
Splunk_RapidDiag and Extreme Search are built into Splunk. But when I see my Splunk Enterprise version it is 8.1.4, but RapidDiag and Extreme Search have versions 1.4.0 and 2.4.4, respectively.

0 Karma

Stefanie
Builder

Extreme Search was deprecated some time ago. After upgrading Enterprise Security, do you follow through the Set Up part of it? You can get to it through

(Your Splunk website)/en-US/app/SplunkEnterpriseSecuritySuite/ess_setup?action=edit

This automatically removes deprecated apps and installs the new versions of included apps.

Splunk Rapid Diag is an app that's pre-installed with Splunk.

zacksoft_wf
Contributor

@Stefanie Would you happen to know if the "Splunk Add-on for UEBA" app comes pre-installed with Splunk and whether it is active or deprecated?

0 Karma

Stefanie
Builder

It is active.

 

How do I obtain the Splunk Add-on for Splunk UBA?

The Splunk Add-on for UBA is not available for download on Splunkbase. The add-on is installed by default with Splunk Enterprise Security (ES). If you find that the Splunk Add-on for UBA is not installed, run the Splunk Enterprise Security Post-Install Configuration again and ensure that Splunk_TA_ueba is selected for installation. See Install Splunk Enterprise Security in the Splunk Enterprise Security Installation and Upgrade manual.
0 Karma