Splunk Enterprise Security

How does one remove the Enterprise Security Suite?

proletariat99
Communicator

I tried $SPLUNK_HOME$/bin/splunk remove app SplunkEnterpriseSecuritySuite and it tells me "app doesn't exist" -- It does... I'm looking at it. Same thing when I try to uninstall any of the SA or DA apps using the splunk binary.

I'm about to hard rip the directories but I just wanted to check to see if anyone had a more elegant way of doing this.

0 Karma
1 Solution

aelliott
Motivator

Deleting the apps in the app directories is the way I did it; it worked like a charm and was as though it never existed.

saurabh_tek
Communicator

But after that I have seen that some apps like Deep Security and Fortinet stopped collecting the data in real time.

0 Karma

mloven_splunk
Splunk Employee

Hey proletariat99, the change from https to http is expected. The Splunk App for Enterprise Security changes splunkweb from http to https, so upon removal, it would revert back.

Also, if you're antsy about removing apps in the future, you can just move an app to the disabled-apps directory ($SPLUNK_HOME/etc/disabled-apps) and restart. That way they're always there if you want to move them back.

wrangler2x
Motivator

Did not notice disabled-apps before. Interesting.

0 Karma

proletariat99
Communicator

Thanks. I just needed one confirmation before I felt okay pulling the trigger.

So I removed all the apps by using the following commands:
$ rm -rf SplunkEnterpriseSecurity*
$ rm -rf SA-*
$ rm -rf DA-ESS*

The only thing to note is that my local Splunk (6.0) instance went from using SSL (https://127.0.0.1:8000) to not SSL (http://127.0.0.1:8000).

I thought that was odd, because I didn't change anything else.
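
The reversible variant of the removal above, as an added example that is not part of the original posts and not Splunk's own tooling: it moves the same three directory patterns used in the rm commands into the disabled-apps directory mentioned in mloven_splunk's reply, so an app can be moved back later. The function names park_es_apps and restore_es_app are hypothetical, and the apps are assumed to live in $SPLUNK_HOME/etc/apps.

```shell
#!/bin/sh
# Added example: park the ES app directories in disabled-apps instead of deleting them.
# The name patterns are the ones used in the thread's rm commands.

# park_es_apps SPLUNK_HOME [--dry-run]   (hypothetical helper name)
# Prints one line per app; returns 1 if etc/apps is missing or a move fails.
park_es_apps() {
    home=$1
    mode=${2:-}
    apps="$home/etc/apps"
    parked="$home/etc/disabled-apps"
    [ -d "$apps" ] || { echo "no apps directory: $apps" >&2; return 1; }
    # Only create the target directory when we are really going to move something.
    [ "$mode" = "--dry-run" ] || mkdir -p "$parked" || return 1
    for dir in "$apps"/SplunkEnterpriseSecurity* "$apps"/SA-* "$apps"/DA-ESS*; do
        [ -d "$dir" ] || continue          # an unmatched glob stays literal; skip it
        name=$(basename "$dir")
        if [ "$mode" = "--dry-run" ]; then
            echo "would move $name"
        elif [ -e "$parked/$name" ]; then
            # Never overwrite a copy that was parked earlier.
            echo "skip $name: already in disabled-apps" >&2
        else
            mv "$dir" "$parked/" && echo "moved $name" || return 1
        fi
    done
}

# restore_es_app SPLUNK_HOME APP_NAME   (hypothetical helper name)
# Moves one parked app back into etc/apps.
restore_es_app() {
    src="$1/etc/disabled-apps/$2"
    [ -d "$src" ] || { echo "not parked: $2" >&2; return 1; }
    mv "$src" "$1/etc/apps/"
}

# Usage (restart Splunk afterwards so the change takes effect):
#   park_es_apps "$SPLUNK_HOME" --dry-run
#   park_es_apps "$SPLUNK_HOME"
```

Run it with --dry-run first to see which directories the patterns match before anything is moved.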
