Developing for Splunk Enterprise

Splunk as Patch Management

test_qweqwe
Builder

Hello.
How best to implement Patch Management in Splunk for Win\Linux?
Maybe some blogs, articles, or apps that can help me?

0 Karma
1 Solution

test_qweqwe
Builder

Perfect! Love u!

0 Karma

richgalloway
SplunkTrust

It's not clear what you mean by "patch management".

Perhaps you want to deploy patches to your Windows and Linux servers. Splunk is not a patch management system. You would need a separate product, like Microsoft SCCM or IBM BigFix for that.

Perhaps you want to patch Splunk itself. Splunk does not ship patches. New versions of Splunk are released at intervals. To keep your Splunk instances current, install the new versions when they come out. Many shops choose to stay one or two versions behind to avoid unknown bugs.

Perhaps you want to track which patches are installed on your Windows and Linux systems. This is a great use for Splunk. You will, however, need a way to feed Splunk with two lists: 1) the software installed on your systems, including patch identifiers; 2) the software expected to be on those systems, including patch identifiers. Splunk can identify differences between those lists and highlight them for you.

---
If this reply helps you, an upvote would be appreciated.
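
One way to run the two-list comparison described in the reply above, as an added example that is not part of the original thread or any Splunk app. The lookup `expected_patches.csv`, the index `patch_inventory`, the sourcetype `installed_patches` and the fields `host` and `patch_id` are all assumed names; substitute whatever your own inventory feed produces.

```spl
| inputlookup expected_patches.csv ```assumed lookup: one row per host and patch_id that should be present```
| fields host patch_id
| eval expected=1
| append
    [ search index=patch_inventory sourcetype=installed_patches earliest=-24h ```assumed index and sourcetype fed by your inventory input```
      | stats latest(_time) as last_seen by host patch_id
      | eval installed=1 ]
| stats max(expected) as expected, max(installed) as installed, max(last_seen) as last_seen by host patch_id
| eventstats max(installed) as host_reported by host ```stays null when a host sent no inventory at all```
| eval status=case(
    isnull(host_reported), "no inventory received",
    expected=1 AND isnull(installed), "missing",
    isnull(expected) AND installed=1, "unexpected",
    true(), "ok")
| where status!="ok"
| eval last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| table host patch_id status last_seen
| sort host patch_id
```

The `no inventory received` status separates a host that is actually missing a patch from one whose inventory feed has gone silent, which would otherwise show every expected patch as missing. Subsearch result limits apply to `append`, so a large estate may need the installed list summarized into its own lookup first.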

test_qweqwe
Builder

Yea, I need to track which patches are installed on my Windows and Linux systems.
But I really don't know how to realize such a solution, so I asked for some help. Maybe there are already implemented solutions? Maybe some apps?

0 Karma

nikita_p
Contributor

Hi @test_qweqwe,
Could you go through the Splunk docs below?
https://docs.splunk.com/Documentation/PCI/3.4.1/Install/SystemPatchStatus

test_qweqwe
Builder

Yes, I saw this article, but I still do not understand how I can realize it.

0 Karma

richgalloway
SplunkTrust

That article is part of a larger document for the Splunk App for PCI Compliance app. The article by itself is not very helpful - you'd need to read most of the entire document and even then it's of little use without installing the app. One gets the app from Splunk Sales so there may be an extra cost involved.

---
If this reply helps you, an upvote would be appreciated.
0 Karma