Splunk Enterprise Security

Splunk Enterprise Security: How to deploy the included add-ons to forwarders?

shubham87
Explorer

I have recently deployed Splunk Enterprise Security (ES) on one of our Search Heads. While installing, it could not proceed, since I had two add-ons already installed (Splunk Add-on for Microsoft Windows and Splunk Add-on for Tenable) using my deployment server. I removed those add-ons from the deployment server and I was able to install ES. Now, one section in ES documentation says, "Deploy add-ons included with Splunk Enterprise Security": http://docs.splunk.com/Documentation/ES/4.7.2/Install/InstallTechnologyAdd-ons

Now my question is, how should i deploy these add-ons to my forwarders? Shall i use deployment server to deploy them? Or it conflicts with ES? I am confused.

Regards
Shubham

0 Karma

rpille_splunk
Splunk Employee
Splunk Employee

Hi Shubham,
That documentation page that you were following is the right one to have open while you work through the deployment process. Follow the links to the pages about deploying add-ons in a distributed environment, and also review the documentation (or, if no online documentation is available, read the readme files) of each add-on to determine where you need to deploy it and any limitations about how you should do so. Each add-on is different, so you need to read each doc for each add-on.

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...