Splunk Enterprise

What are the pros & cons of connecting Splunk Enterprise & ES to the Internet?

SamHTexas
Builder

Also, is it advisable to leave them connected to the Internet only for short times, for example for the "Threat list" for MITRE ATT&CK to get downloaded? I get a lot of errors when updates don't get updated.


richgalloway
SplunkTrust

If you need Splunk connected to the Internet (and it sounds like you do) then leave it connected.

Pros: threat feeds arrive; alerts go out; update checking works; app updates work; less noise in the logs

Cons: "less secure"

---
If this reply helps you, Karma would be appreciated.

SamHTexas
Builder

Thank you again. As far as apps, I have about 80 apps & TAs that need updating. My understanding is that I need to download the new ones & update the apps one at a time. Am I right?


richgalloway
SplunkTrust

You are correct.  There are a couple of ways to update apps, but all of them require tedious manual clicking.  If you update from the Manage Apps page then Splunk does most of the work for you.

If your REST and programming skills are high enough then you may be able to automate the work.

---
If this reply helps you, Karma would be appreciated.
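
An added example, not part of the thread and not Splunk-provided code: a starting point for the REST automation mentioned above is an inventory of installed apps from the management port's `/services/apps/local` endpoint, split into apps with an update offered and apps that need a manual check. The `update.version` field name and the Bearer-token header are assumptions about the deployment, and the sample payload is constructed.

```python
import json
import urllib.request

# Constructed sample of GET /services/apps/local?output_mode=json&count=0
# (trimmed to the fields used here; app names and versions are made up).
SAMPLE = json.dumps({"entry": [
    {"name": "Splunk_TA_example_a",
     "content": {"version": "8.1.0", "disabled": False, "update.version": "8.3.0"}},
    {"name": "example_app_b", "content": {"version": "2.0.1", "disabled": False}},
    {"name": "Splunk_TA_example_c",
     "content": {"version": "1.4.0", "disabled": True, "update.version": "1.5.2"}},
    {"name": "local_custom_app", "content": {"disabled": False}},
]})


def fetch_apps(base_url, token):
    """Fetch the installed-app list from the management port, e.g. https://host:8089."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/services/apps/local?output_mode=json&count=0",
        headers={"Authorization": "Bearer " + token},  # assumes token authentication
    )
    with urllib.request.urlopen(req, timeout=30) as resp:  # TLS verification stays on
        return resp.read().decode("utf-8")


def build_worklist(payload):
    """Split installed apps into 'update offered' and 'check by hand' lists."""
    pending, unknown = [], []
    for entry in json.loads(payload).get("entry", []):
        content = entry.get("content", {})
        installed = content.get("version")
        offered = content.get("update.version")  # assumed field name, see lead-in
        if offered and offered != installed:
            pending.append((entry["name"], installed, offered,
                            bool(content.get("disabled"))))
        elif not offered:
            # No update data: a private app, or update checking had no Internet access.
            unknown.append((entry["name"], installed))
    by_name = lambda row: row[0]
    return sorted(pending, key=by_name), sorted(unknown, key=by_name)


if __name__ == "__main__":
    pending, unknown = build_worklist(SAMPLE)
    for name, old, new, disabled in pending:
        print(f"UPDATE  {name}: {old} -> {new}" + (" (disabled)" if disabled else ""))
    for name, old in unknown:
        print(f"CHECK   {name}: installed {old or 'no version'}")
```

On an instance without Internet access the update fields stay empty, so every app lands in the manual-check list; that list is then the inventory to compare against downloaded packages.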