3.8 Installing Splunk


Time
6 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
Welcome back to the summary course in building your Infosec lab. I'm your host and instructor, Kevin Hernandez.

In our previous lesson, we installed QRadar on our CentOS 7.5 minimalist OS. In today's lesson, we'll actually be installing Splunk. Splunk is another big player when it comes to SIEMs. It's considered by most to be up there head-to-head with QRadar. Some put it ahead, while others put it slightly behind. However, its market share is pretty extensive. Now let's get started.

Let's go ahead and install Splunk. You can see right here in your right corner, I'm already logged in. You will see that on this page. Let's click "Free Splunk". You're presented with different options: free trials for Cloud, Enterprise Light, and also Splunk Free. Let's click "Download".

Here, we're presented with several options for first installers: you have 64-bit options for Windows, and you have a 64-bit version for Linux. You're also presented the Intel version for OS X version 10.12 up to 12.14. In this case, we're installing this in a primary system. Let's go with Windows 64 bits and click "Download". You have to accept the software license agreement and start the download.

As you see, the download has started in the bottom left corner. It's around 237 megabytes of data. Let's give it a few seconds to finish loading. As you can see on the screen, you have several options for getting data, or basically manuals or video instructions, and how to properly forward logs into Splunk.

Now that the installer is finally downloaded, it's going through a process of verification. Let's go ahead and double-click that, so we can start our installation. Now let's get started with the installation. Accept the license agreement. Here's the directory, local system account, and create Start shortcut. Let's look at the options here and modify the path. Even if you decide you want to run it under local or the domain account, you can put additional credentials if you like. Let's go with the phone. Let's put our credentials in. Next, we want to create a shortcut. Let's go ahead to the selection. There's a possibility a pop-up might show up. Just in case, go ahead and click "Yes".

One of the really good things I like about Splunk is the diversity it offers. There's a big difference versus QRadar, which only offers CentOS and Red Hat version 7.5 specifically. Now as I mentioned before, or I may have not, it is very tricky. If you, for example, download CentOS 7.5 and update yum, QRadar would not continue the installation; it is that tricky. That gives me a false sense of security, being honest with you. Malware is out there, and having outdated software is very dangerous. Therefore, I'm highly concerned with that environment, to be honest with you. However, it's the one I'm more familiarized with.

Let's go ahead and open Splunk. You can see it was a pretty easy installation compared to QRadar, a lot faster. I would say the QRadar installation itself took me over an hour after I finally figured out how to properly do it. The reason I say that is because even though I have done it many times in the Red Hat environments, and in CentOS and Power versions, it took me easily seven hours to get it up and running due to lack of documentation.

Let's go ahead and log in. Here we go. Add them to my little thing that for now. Basically you have the whole let's make better. I got support, share information. Here we go. Splunk is already up and running.

Now here's where we pull up and select a default dashboard. You can see you have HT events, indexes for all the situation, search data quality, and therefore more dashboards. In this case I'm just going to pick data quality right there and hit "Save", and right now I will not see much data, I'm pretty sure, because I'm actually not sending any type of data into Splunk.

There you have it. Splunk is now installed and up and running. Make sure you save the address over here in the top. You're going to want to make sure you're able to reach Splunk. As in prior instances, let's make sure we grab a snippet of this. We can see that in our document; it should be good enough. Just open it. Let's go here, click "Splunk" and paste it, and there we go. Save your document and close your snippet, and there we go.

In today's lesson, we basically installed Splunk on our Windows 10 system. If you remember correctly, you were able to also install it on Linux as well as macOS. This gives us a lot of options when compared to QRadar, which is very restricted to two operating systems in a specific version of the subsystem. In our next lesson, we will start looking into installing OSSIM, a product from AlienVault and AT&T. Hope to see you soon, have a great day.