If you do not already have one, please work with your Delivery Team to purchase one. You need a Splunk Enterprise license to use external Splunk Enterprise for remote search.

Under Assigned role(s), in the Available item(s) box, select phantomdelete to add that role.

Configure Splunk SOAR (On-premises) instances to use external Splunk Enterprise

After your instances have been installed, configure them to use the external Splunk Enterprise.

Deselect the Require password change on first login check box.

Under Assigned role(s), in the Available item(s) box, select phantomsearch to add that role.

Under Assigned role(s), in the Selected item(s) box, select user to remove that role.

Set and confirm a password for this user which complies with your organization's security policies.

See Add the phantomsearch and phantomdelete user accounts in Install and Configure Splunk App for SOAR for more information. These instructions use phantomsearch and phantomdelete. You can use any user names you like for these accounts. The roles are phantomsearch and phantomdelete. Requires two user accounts with roles added by the Splunk App for SOAR. See Set up and use HTTP Event Collector in Splunk Web in the Splunk Enterprise Getting Data In manual.

Create required user accounts for Splunk SOAR (On-premises)

Set up the HTTP Event Collector in Splunk.

See Where to get more apps and add-ons in the Splunk Enterprise Admin Manual. For a complete list of ports, see required ports.

Configure your firewall to allow access.

See the Splunk Enterprise Installation Manual.

Install and configure Splunk Enterprise from the documentation.

The Splunk App for SOAR defines the user roles and indices needed by Splunk SOAR (On-premises) to use Splunk Enterprise for searches. Review the product compatibility matrix in Check prerequisites for Splunk App for SOAR in the Install and Configure Splunk App for SOAR manual to make sure compatible versions of the Splunk platform and Splunk SOAR (On-premises) are being used.

A cluster also requires an external Splunk Enterprise instance. You can also configure Splunk SOAR (On-premises) to use an external Splunk instance for searching. If Splunk SOAR (On-premises) is installed as a stand-alone product, it includes a version of Splunk Enterprise as the internal search engine.