Splunk Installation
Splunk is a powerful tool used in cybersecurity for collecting, indexing,
searching, and analyzing vast amounts of machine-generated data from
various sources such as network traffic, server logs, application logs,
and more. It helps security teams to detect and respond to security
threats effectively by providing real-time visibility into the security
posture of an organization's IT infrastructure. Splunk's capabilities
enable security analysts to identify patterns, anomalies, and potential
security incidents, investigate security breaches, and streamline incident
response processes. Overall, it's a crucial tool for monitoring, managing,
and enhancing the security of digital environments.
1) Download Splunk from the official website
https://www.splunk.com/
Click on the Free Splunk option; it will take you to the sign-up page.
2) Create a Splunk account
Fill in all the details to create a Splunk account.
3) After creating an account, log in to your Splunk account
Note: Perform all these steps on your Windows server.
Click on the Downloads page.
4)Select the Splunk Enterprise Free Trial option
5) Select the Windows version and click on Download
Make sure you download the Splunk server from your Windows Server 2019,
which is installed in VMware.
The download has now started; it will take some time.
6) After downloading the file, run it.
Accept the license agreement, then click on Next.
7) Create an admin account for the Splunk dashboard
Create a strong username and a strong password.
Click on Install
It will take some time
Now that the installation is completed, click on 'Finish'.
Now it will launch the Splunk portal.
Now, enter the credentials you created earlier and click on 'Sign In'.
The installation is now completed, and you can begin using Splunk.
Splunk Forwarder
A Splunk forwarder, simply put, is a component of the Splunk data
processing architecture. It's responsible for collecting, forwarding, and
indexing machine data such as logs, events, and metrics from various
sources to a Splunk deployment for analysis and visualization.
Forwarders are lightweight agents that are installed on the machines
generating the data. They continuously monitor designated files or
streams, extract relevant information, and send it securely to the Splunk
indexer or indexer cluster for storage and analysis. This helps
organizations centralize their machine data, gain insights, and take
action based on real-time information.
1) Download the Splunk Universal Forwarder
https://www.splunk.com/en_us/download/universal-forwarder
Log in to your account and click on Free Splunk.
2) Navigate to the downloads page.
Click on 'Get my free Download' under Universal Forwarder.
4) Select the Windows version
Select the Windows version and click on 'Download Now'.
The download has started; it will take some time.
5) After downloading the file, run it.
Accept the license agreement, select 'On-premises', and click on Next.
6) Create an account for the Splunk forwarder
7)Deployment server
Leave hostname and port empty and click on next
8)Receiving indexer
Enter your Splunk server IP address; the port number is 9997.
Click on Install
The installation process has started; it will take some time.
9) Log in to your Splunk portal
10) Configure the receiving port
Click on Settings, then click on Forwarding and receiving.
Click on Add new
Enter port 9997 and click on Save.
11) Open a command prompt with administrator privileges.
Navigate to the directory where the Splunk Universal Forwarder is installed
Default path: C:\Program Files\SplunkUniversalForwarder\bin
13) Configure the Splunk Universal Forwarder to send logs to your Splunk
indexer
Replace <indexer_host> with the hostname or IP address of your Splunk
indexer and <port> with the receiving port of your Splunk indexer.
Enter the username and password
14) Add the logs you want to forward
15) Start Splunk
16) Verify that logs are being forwarded successfully
Log in to your Splunk portal
Click on Search & Reporting
Here, we can see that the logs are being forwarded from Windows to the
Splunk server.
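The command-line part of the procedure (steps 11 to 16) written out as one PowerShell script, with a reachability check on the receiving port before any configuration is changed. This is an added example, not part of the original guide; it assumes the default install path, the forwarder admin account from step 6, the receiving port 9997 from step 10, and a placeholder indexer address (192.0.2.10) that you replace with your own Splunk server IP from step 8.

```powershell
# Added example (not from the original guide): steps 11-16 on the forwarder host.
$SplunkHome = 'C:\Program Files\SplunkUniversalForwarder'   # default path (step 11)
$SplunkExe  = Join-Path $SplunkHome 'bin\splunk.exe'
$Indexer    = '192.0.2.10'   # placeholder: replace with your Splunk server IP (step 8)
$Port       = 9997           # receiving port enabled in step 10

# Credentials of the forwarder account created in step 6. The CLI accepts
# -auth user:pass; omitting it makes splunk.exe prompt interactively instead,
# which keeps the password out of the shell history.
$Cred = Get-Credential -Message 'Splunk forwarder admin account (step 6)'
$Auth = '{0}:{1}' -f $Cred.UserName, $Cred.GetNetworkCredential().Password

# Fail early if TCP 9997 is unreachable: a blocked port is the usual reason
# nothing appears in Search & Reporting even though the forwarder service runs.
$probe = Test-NetConnection -ComputerName $Indexer -Port $Port -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "Indexer $Indexer is not reachable on TCP $Port. Re-check step 10 and the firewall between the hosts."
}

# Step 13: tell the forwarder where to send data (splunk.exe writes outputs.conf).
& $SplunkExe add forward-server "${Indexer}:${Port}" -auth $Auth

# Step 14: plain log files or directories are added with
#   splunk add monitor <path> -index main
# Windows event logs instead need an inputs.conf stanza; this enables the
# Security log and guards against appending the same stanza twice on a re-run.
$InputsConf = Join-Path $SplunkHome 'etc\system\local\inputs.conf'
$Stanza = "[WinEventLog://Security]`r`ndisabled = 0`r`nindex = main`r`n"
if (-not (Test-Path $InputsConf) -or
    -not (Select-String -Path $InputsConf -Pattern 'WinEventLog://Security' -SimpleMatch -Quiet)) {
    Add-Content -Path $InputsConf -Value $Stanza -Encoding ASCII
}

# Step 15: restart so the new outputs.conf and inputs.conf are loaded.
& $SplunkExe restart

# Step 16: the indexer should be listed under "Active forwards". If it shows
# under "Configured but inactive forwards", the indexer is not accepting the
# connection (wrong port, receiver not enabled, or firewall).
& $SplunkExe list forward-server -auth $Auth
```

Run the script from an elevated PowerShell prompt on the Windows host that has the Universal Forwarder installed, then confirm in Search & Reporting that events with source WinEventLog:Security arrive from that host.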
Splunk monitor
1) Log in to your Splunk portal
Click on Add Data
2) Monitor
3) Local Event Logs
Click on Local Event Logs and select the type of logs you want to monitor.
Click on Review
Click on Submit
4) Verify the data
Click on Start Searching
We can see that the security logs are being forwarded from
Windows to our Splunk server.