Installation¶

Splunk Enterprise¶

Download¶

This add on is installed on the Splunk Enterprise Security Search head.

Splunk Enterprise:

Download the latest published release from https://splunkbase.splunk.com/app/4226/
Download the latest master build from bitbucket

Installation¶

See installing apps

Install on Search Head(s)
Install on Indexers and Intermediate Forwarders

Splunk Cloud:¶

Using a service request ask for the app installation SecKit_TA_idm_windows id “4226” specify version 1.0 or later

Data Collection (Splunk Enterprise & Splunk Cloud)¶

Expand the archive and install in the deployment-apps server. - Copy the inputs stanza from default to local - Set disabled=false - Set a index we suggest oswinscripts
Add the app to a deployment server class deployed to all Windows OS UFs restart is required. If using “SecKit TA Windows guidance” utilize seckit_all_2_os_windows_0

Verify Installation¶

Run the following search for last 30 min records should be returned

index=<selectedindex> sourcetype="seckit:idm:windows:interface"

Read the Docs v: latest

Versions: latest; stable

Downloads: pdf; htmlzip; epub

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.