Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to configure Splunk Enterprise Security to be functional in a CentOS 7 environment?

operaciones
New Member
‎06-06-2017 09:08 AM

I do not know how to configure Splunk Enterprise Security in CentOS 7 to make it functional ... I have seen that the inputs.conf is modified but I do not understand much ... please help

Preview file
1 KB
0 Karma
Reply

Richfez
SplunkTrust
SplunkTrust
‎06-06-2017 09:35 AM

Just on the off chance you really were talking about Splunk Enterprise - and not Splunk Enterprise Security! - then this is much easier!

This is the set of docs you should follow for the Install on Linux. Follow the various Redhat sections, Centos and RH are cousins. They're pretty good, mostly self explanatory so I won't repeat them at length here.

Reply

Richfez
SplunkTrust
SplunkTrust
‎06-06-2017 09:32 AM

This is a huge topic. I mean no offense, but I'd heartily suggest connecting with your Splunk Rep and getting Splunk Professional Services help for this.

Regardless, here's the Enterprise Security Installation documentation. I think the best first steps is inventorying lots of things in your environment - where are your servers and users and where do you get information about them, what data sources do you have in your environment and so on. Then you'll determine what is the easiest but most useful things to onboard... really, it's a big, long undertaking.

As an alternative, you may want to start with some of the various not-paid-for security suites. They'll do a lot for you and are usually far easier. For instance,
- The Cisco Security Suite (or maybe the Palo Alto app - you'll have to determine what you have. And keep in mind each of THOSE also has prerequisite add-ons!)
- The Splunk App for windows Infrastructure (again, it'll take some work!)

There's a lot of those specifically for different devices/domains, so you'll have to pick and choose a few. And, even though some of those are complex, they're still far easier than ES is.

If you find a few devices in your environment you'd like to set up, give that a shot and ask away if you run into problems!

Happy Splunking!
-Rich

Reply
Get Updates on the Splunk Community!

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Tips & Tricks When Using Ingest Actions

Tune in to learn about:Large scale architecture when using Ingest ActionsRegEx performance considerations ...