Configuration Splunk
P4T12ICK edited this page May 1, 2018
·
5 revisions
A separate virtual machine is needed in VirtualBox to act as the SIEM VM. I used CentOS as the operating system for the SIEM VM. If you use Splunk as your SIEM, install Splunk Enterprise on that VM as described in the following manual: http://docs.splunk.com/Documentation/Splunk/7.1.0/Installation/Whatsinthismanual
After that, Splunk needs an inputs.conf configuration so that it can receive the logs sent from the analysis VM. The settings are documented here: https://docs.splunk.com/Documentation/Splunk/7.1.0/Admin/Inputsconf
If you or your company do not have an enterprise license for Splunk, you can use the free license, which has some limitations (among them a daily indexing volume cap and no user authentication, so keep the SIEM VM reachable only from the lab network). The limitations are described under the following link: https://docs.splunk.com/Documentation/Splunk/7.1.0/Admin/TypesofSplunklicenses
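As an added example that is not part of this wiki or the project's own scripts, the following script shows one way to do the receiving side on the CentOS SIEM VM: it writes an inputs.conf with a `splunktcp` receiver stanza, opens the port in firewalld, and restarts Splunk. It assumes that the analysis VM ships its logs with a Splunk Universal Forwarder to TCP port 9997 (the conventional receiving port), that Splunk is installed under /opt/splunk, and that the lab network is the VirtualBox host-only default 192.168.56.0/24; the app name `lab_inputs` is a hypothetical name chosen here so that the stanza does not land in system/local. The `acceptFrom` setting restricts which source networks may connect to the receiver, which matters on a free-license instance that has no authentication.

```shell
#!/bin/bash
# Added example: configure a Splunk indexer on the SIEM VM to receive logs from the
# analysis VM. Not from the project wiki. Assumptions: Universal Forwarder on the
# analysis VM -> this host:9997, Splunk under /opt/splunk, lab net 192.168.56.0/24.
set -eu

# Write a receiver stanza into a small app (hypothetical name "lab_inputs").
# $1 = SPLUNK_HOME, $2 = receiving TCP port, $3 = network ACL allowed to connect.
# Prints the path of the written inputs.conf.
write_inputs_conf() {
  home="$1"; port="$2"; allow="$3"
  dir="$home/etc/apps/lab_inputs/local"
  mkdir -p "$dir"
  cat > "$dir/inputs.conf" <<EOF
# Receive data from Splunk Universal Forwarders (the analysis VM) on TCP $port.
[splunktcp://$port]
disabled = 0
# Only accept forwarder connections from the lab network (assumed host-only subnet).
acceptFrom = $allow
EOF
  echo "$dir/inputs.conf"
}

# Open the receiving port in firewalld (CentOS 7 default). Skipped silently on hosts
# without firewalld so the script can also be dry-run elsewhere.
open_firewall_port() {
  port="$1"
  if command -v firewall-cmd >/dev/null 2>&1; then
    firewall-cmd --permanent --add-port="$port/tcp"
    firewall-cmd --reload
  fi
}

# Splunk only picks up a new inputs.conf after a restart.
restart_splunk() {
  home="$1"
  if [ -x "$home/bin/splunk" ]; then
    "$home/bin/splunk" restart
  fi
}

# Return 0 if something is listening on the receiving port (run after the restart).
check_listening() {
  port="$1"
  ss -ltn | grep -q ":$port "
}

# Usage: sudo ./splunk_receiver.sh apply   (environment overrides: SPLUNK_HOME, PORT, LAB_NET)
if [ "${1:-}" = "apply" ]; then
  SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
  PORT="${PORT:-9997}"
  LAB_NET="${LAB_NET:-192.168.56.0/24}"
  conf=$(write_inputs_conf "$SPLUNK_HOME" "$PORT" "$LAB_NET")
  echo "wrote $conf"
  open_firewall_port "$PORT"
  restart_splunk "$SPLUNK_HOME"
  if check_listening "$PORT"; then
    echo "receiver listening on $PORT"
  else
    echo "receiver not listening on $PORT; check splunkd.log" >&2
    exit 1
  fi
fi
```

On the analysis VM the matching piece is the forwarder's outputs.conf pointing at the SIEM VM's IP and port 9997; the plain `splunktcp` input above sends data unencrypted, which is acceptable inside an isolated VirtualBox lab but should be replaced by a `splunktcp-ssl` receiver if the two VMs ever share a network with anything else.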