
SecureSet Academy

Installing Splunk
Last Updated: December 15, 2020
Table of Contents
SecureSet Academy
Environment Setup
Abstract
Objective(s)
Pre & Post conditions of lab
System Requirements & Configuration
System Requirements
Network Requirements
Software Requirements
Data Requirements
Procedure – Detailed Lab Steps
Setup
Lab Execution
Base Lab
Advanced Lab
Lab “Tear-down”
Questions/Responses
Appendix
Lab Assistance
Terminology
Environment Setup
The Cyber Range environment is preconfigured for this activity. It is
recommended that you also perform this lab in a local VM. See the Appendix
for directions.

Abstract
Since we are learning about SIEMs, the best thing we can do is learn hands-on.
The best SIEM for you to learn on is Splunk, mostly because it is free to get
started with, but also because it will give you a sense of how SIEMs work
should you move on to another platform such as QRadar or LogRhythm.

Objective(s)
By the end of this lab, you should be able to:
ALO1: Install, Configure and Update Splunk
ALO2: Use the Splunk interface to understand basic functionality

Pre & Post conditions of lab


At the end of the lab, you will have a fully functional Splunk environment.

When using a Local VM, it is recommended that you take a Snapshot of the lab
VM after you have finished.

System Requirements & Configuration

System Requirements
The credentials for Cyber Range:

Username: student
Password: Password1!

Credentials for the Student VM (downloaded):

Username: admin
Password: SplunkFTW!

Network Requirements
This lab will require network access for downloading files. Local Virtual
Machines should use NAT.
Software Requirements
You will need to create a Splunk account and download Splunk from within
your virtual machine.

Data Requirements
No data needs to be provided. You will download needed installation files in
the lab.

Procedure – Detailed Lab Steps


Setup
Download the Student VM via the link provided in Canvas. Once you have the
zip file, unzip it to a directory of your choice.

In VirtualBox, create a new VM with 4096 MB of RAM (recommended).

When you get to the hard disk step, select “Use an existing virtual hard disk
file”. Select the file icon to the right of the text box, then click the Add
button. Go to the location where you unzipped the Student VM and select the
SecureSet.vdi file. This attaches the Student VM’s disk to your new VM.

You can now start your VM (Step 1 below).

Lab Execution

Base Lab
1. Start your virtual machine, open Firefox and go to Splunk.com.
2. In the upper right-hand corner, use the “FREE SPLUNK” button. Fill in
your information, accept the terms and conditions, select Software
Download and click “Create Your Account”.
3. After you have logged in, it should take you to the download page or
something similar.
4. Select “Download Free 60-Day Trial”.
5. Click on Linux.
6. Click on the latest version of the 8.x.x .deb. At the time of writing this
it was splunk-8.1.1-08187535c166-linux-2.6-amd64.deb.
7. Save the file (use the Download Now button). It will save to
/home/siem/Downloads.
8. Next, check the checksum of the download to make sure it is correct. Run
md5sum /home/siem/Downloads/splunk-8.1.1-08187535c166-linux-2.6-amd64.deb
and compare the output against the MD5 hash on the “Thank you for
Downloading Splunk Enterprise” page in the upper right-hand corner. You are
in security after all; shouldn’t you be checking your hashes? Keep in mind
what the check proves: only that the file you have matches the file the
download page describes. MD5 is no longer collision resistant, so if the
download page also offers a SHA-512 hash or a GPG signature, prefer those.
Do not install if the hashes differ.
9. Open a Terminal window and type
sudo dpkg -i /home/siem/Downloads/splunk-8.1.1-08187535c166-linux-2.6-amd64.deb
(or whatever your version is). This will install Splunk, if it is not
already installed, or upgrade Splunk in place.
10. Splunk should now be installed in /opt/splunk.
11. Start Splunk by typing sudo /opt/splunk/bin/splunk start
12. Press the spacebar to page through the terms and conditions and enter y
when prompted. Be careful if you repeatedly hit the spacebar or hold it
down: it is easy to skip past the prompts that follow.
13. If it asks you to enter a username and password, use admin as the
username and SplunkFTW! as the password (the same password as your VM).
Reusing the VM password is acceptable only because this is an isolated lab;
on a real deployment the Splunk admin account gets its own strong password.
14. Next, enter sudo /opt/splunk/bin/splunk enable boot-start. This allows
Splunk to start automatically when the OS starts. If you want Splunk to
run as an unprivileged account rather than root, add -user <username> to
this command (that account must own /opt/splunk).
15. Navigate in Firefox to http://127.0.0.1:8000
16. Log into Splunk.
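Steps 8 and 9 are the place where a careless operator installs a package without actually comparing the digest. The script below is an added example, not part of the original lab or of Splunk’s own tooling: it turns the manual md5sum-and-eyeball step into a check that refuses to call dpkg on a mismatch. The verify_hash and install_if_verified function names, the placeholder digest and the use of the --accept-license flag on splunk start (which skips the spacebar/y prompt from step 12) are this example’s own choices; the package path is the one from step 7.

```bash
#!/usr/bin/env bash
# Added example (not part of the original lab): verify the downloaded
# Splunk package against the hash published on the download page and
# only hand it to dpkg if the digest matches. The digest you pass in is
# whatever the "Thank you for Downloading" page shows for your file.
set -euo pipefail

# verify_hash ALGO FILE EXPECTED
#   ALGO is md5, sha256 or sha512 (uses the matching coreutils *sum tool).
#   Returns 0 on match, 1 on mismatch, 2 if the file or tool is missing.
verify_hash() {
    local algo="$1" file="$2" expected="$3" tool actual
    tool="${algo}sum"
    command -v "$tool" >/dev/null 2>&1 || return 2
    [ -f "$file" ] || return 2
    actual=$("$tool" "$file" | awk '{print $1}')
    # Normalise case so a digest copied from a web page compares cleanly.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# install_if_verified ALGO FILE EXPECTED
#   Installs (or upgrades in place) only after the digest check passes.
install_if_verified() {
    local algo="$1" file="$2" expected="$3"
    if verify_hash "$algo" "$file" "$expected"; then
        echo "digest OK, installing $file"
        sudo dpkg -i "$file"
        # --accept-license skips the license paging and y/n prompt of step 12.
        sudo /opt/splunk/bin/splunk start --accept-license
    else
        echo "REFUSING to install: $algo digest of $file does not match" >&2
        return 1
    fi
}

# Usage (the digest is a placeholder; copy the real one from the download page):
#   ./verify_splunk.sh md5 /home/siem/Downloads/splunk-8.1.1-08187535c166-linux-2.6-amd64.deb <digest>
if [ "$#" -eq 3 ]; then
    install_if_verified "$1" "$2" "$3"
fi
```

Because the exit codes are distinct (0 match, 1 mismatch, 2 missing file or tool), the same function can be dropped into a provisioning script that treats “file never arrived” differently from “file arrived but is not what the vendor published”.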

Configure the Server for a small environment

1. In your Splunk user interface, go to the Settings menu, then choose
Server settings under the SYSTEM section.
2. Choose General settings from the menu.
3. Scroll down to the Index settings and set “Pause indexing if free
disk space (in MB) falls below” to 1000 MB.
4. Save it using the green Save button.
5. Notice that you now have a new message.
6. Checking the message will provide a link to restart your Splunk instance.
Use the Restart Splunk button provided to restart.
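The UI field in step 3 writes the minFreeSpace key of the [diskUsage] stanza in server.conf. The fragment below is an added example, not from the lab, showing the same setting made directly in the instance-local configuration file, which is the form you would keep under version control or push from a deployment server; the path assumes the default /opt/splunk install from step 10 of the Base Lab.

```ini
# /opt/splunk/etc/system/local/server.conf
# Added example: file equivalent of Settings > Server settings >
# General settings > "Pause indexing if free disk space (in MB) falls below".
[diskUsage]
# Value in MB. Splunk's shipped default is 5000; 1000 is a lab-only value
# that leaves very little headroom on a real indexer.
minFreeSpace = 1000
```

A file edit needs the same restart as the UI change (sudo /opt/splunk/bin/splunk restart). To confirm which value actually won after configuration layering, run /opt/splunk/bin/splunk btool server list diskUsage --debug, which prints the effective stanza together with the file each key came from.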

Advanced Lab
None

Lab “Tear-down”
N/A

Questions/Responses
Student: Please record anything that was unclear about this lab.

Appendix
Lab Assistance
N/A
Terminology
N/A
