Splunk Enterprise Security

Having some doubts about Updating Splunk Apps

zacksoft_wf
Contributor

I have some doubts about Updating Splunk Apps.

1. The Splunk apps that come pre-built/packaged with Enterprise Security, such as Extreme Search, RapidDiag, Splunk AddOn for UEBA, etc.: do they automatically get updated to newer versions? Also, I can't find them on Splunkbase.

2. The apps that come packaged with Splunk: do they show up like regular apps when searched under the 'Manage App' option? Is there any way, by looking at it, to know if the app is built into Splunk, downloaded separately from Splunkbase, or developed by an in-house team?



0 Karma
Stefanie
Builder

1. Yes, those apps that come with Splunk Enterprise Security will be updated after you install a new version of Enterprise Security and then run through the Configuration pages.

2. Yes. Your best bet to find out if an app is built into Splunk is by looking at the version number. The version number is the same as the version number of your Splunk Enterprise installation.

0 Karma

zacksoft_wf
Contributor

Thanks @Stefanie for the response.
Splunk_RapidDiag and Extreme Search are built into Splunk. But when I see my Splunk Enterprise version it is 8.1.4, but RapidDiag and Extreme Search have versions 1.4.0 and 2.4.4 respectively.

0 Karma
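An added example, not part of the original thread and not Splunk's own tooling: a small Python inventory that records each app's version and author and whether the version equals the core Splunk version, so the comparison discussed above can be checked per app and the output diffed before and after an Enterprise Security upgrade. It assumes apps live in one directory (typically `$SPLUNK_HOME/etc/apps`), each with `default/app.conf` and an optional `local/app.conf` containing a `[launcher]` stanza; the sample tree, including `acme_inhouse_app` and `no_conf_app`, is constructed.

```python
import configparser
import tempfile
from pathlib import Path


def read_app_conf(app_dir):
    """Layer default/app.conf then local/app.conf; local settings win."""
    cp = configparser.RawConfigParser(strict=False)
    for layer in ("default", "local"):
        conf = Path(app_dir) / layer / "app.conf"
        try:
            cp.read(conf, encoding="utf-8-sig")  # a missing file is skipped
        except configparser.Error:
            pass  # malformed file: fields from it stay unset
    return cp


def inventory(apps_root, splunk_version):
    """One record per app directory, for review and for diffing after an upgrade."""
    rows = []
    for app_dir in sorted(p for p in Path(apps_root).iterdir() if p.is_dir()):
        cp = read_app_conf(app_dir)
        version = cp.get("launcher", "version", fallback=None)
        rows.append({
            "app": app_dir.name,
            "version": version,
            "author": cp.get("launcher", "author", fallback=None),
            "matches_core": version == splunk_version,
        })
    return rows


def build_sample_tree(root):
    """Constructed sample data: app names and versions are illustrative."""
    samples = {
        ("search", "default"): "[launcher]\nversion = 8.1.4\nauthor = Splunk\n",
        ("Splunk_RapidDiag", "default"): "[launcher]\nversion = 1.4.0\nauthor = Splunk\n",
        ("acme_inhouse_app", "default"): "[launcher]\nversion = 1.0.0\nauthor = SOC team\n",
        ("acme_inhouse_app", "local"): "[launcher]\nversion = 1.0.1\n",
        ("no_conf_app", "default"): "",
    }
    for (app, layer), text in samples.items():
        layer_dir = Path(root) / app / layer
        layer_dir.mkdir(parents=True, exist_ok=True)
        (layer_dir / "app.conf").write_text(text, encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in inventory(build_sample_tree(tmp), "8.1.4"):
            print(row)
```

Pointing `inventory()` at a copy of the real apps directory and saving the rows before and after running the ES setup page shows which bundled apps were actually added, removed or upgraded.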

Stefanie
Builder

Extreme Search was deprecated some time ago. After upgrading Enterprise Security, do you follow through the Set Up part of it? You can get to it through:

(Your Splunk website)/en-US/app/SplunkEnterpriseSecuritySuite/ess_setup?action=edit

This automatically removes deprecated apps and installs the new versions of included apps.

Splunk Rapid Diag is an app that's pre-installed with Splunk.

zacksoft_wf
Contributor

@Stefanie Would you happen to know if the "Splunk Add-on for UEBA" app comes pre-installed with Splunk and whether it is active or deprecated?

0 Karma

Stefanie
Builder

It is active.

How do I obtain the Splunk Add-on for Splunk UBA?

The Splunk Add-on for UBA is not available for download on Splunkbase. The add-on is installed by default with Splunk Enterprise Security (ES). If you find that the Splunk Add-on for UBA is not installed, run the Splunk Enterprise Security Post-Install Configuration again and ensure that Splunk_TA_ueba is selected for installation. See Install Splunk Enterprise Security in the Splunk Enterprise Security Installation and Upgrade manual.
0 Karma