Solved: How to get a Splunk Cloud Enterprise Security adap...

chaker · ‎02-27-2018

Running Enterprise Security on Splunk Cloud, how can I get an adaptive response such as a ping to run on a local HF/UF/SH?

chaker · ‎08-08-2022

This has been solved for a few versions now.

https://docs.splunk.com/Documentation/ES/7.0.1/Admin/Adaptiveresponserelay

View solution in original post

chaker · ‎08-08-2022

This has been solved for a few versions now.

https://docs.splunk.com/Documentation/ES/7.0.1/Admin/Adaptiveresponserelay

esix_splunk · ‎03-18-2018

Currently there is no direct fix for this. Splunk Cloud customers can currently run AR on other cloud based services, or you can create your own AR that would connect back to your onpremise deployment.

The later option does require a vetting process, and does have to adhere to guidelines as outlined here : http://dev.splunk.com/view/app-cert/SP-CAAAE85

One of the key take aways here, is that any type of outbound communication from Splunk Cloud has to be over SSL, and any credentials use for authentication cannot be stored in clear text.

I'd recommend building your integration via the Splunk Addon Builder (TA Builder) : https://splunkbase.splunk.com/app/2962/

Cheers

starcher · ‎03-03-2018

ES adaptive responses run on the ES search head. Not remotely executed on other systems.

chaker · ‎03-04-2018

How does a Splunk Cloud customer, run adaptive responses on their internal network?

How to get a Splunk Cloud Enterprise Security adaptive response (ping) to run on a local HF/UF/SH?

using Enterprise Security

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...