IBM Security QRadar SOAR


Splunk 7.3.3 and Splunk ES 5.1 Integration Compatibility

  • 1.  Splunk 7.3.3 and Splunk ES 5.1 Integration Compatibility

    Posted Fri November 13, 2020 05:23 AM
    Dears,

    Is there a Resilient app for Splunk that supports version 7.3.3 and Splunk ES 5.1?
    I had app v1.0.3 and it was supporting Splunk v7; after the upgrade to v7.3.3, I am not able to escalate any notable event to Resilient.
    Resilient version is 35.0.32.

    I have seen the new app v1.1.x on the App Exchange, but in the prerequisites it supports Splunk 8 and ES 6.1 or later.

    Also, from the Resilient side, if there is a Splunk app to update notable events and query artifacts, please advise on the compatible version,
    and where to download both if they are not the latest on the App Exchange.

    Regards,

    ------------------------------
    ahmed abushanab
    ------------------------------


  • 2.  RE: Splunk 7.3.3 and Splunk ES 5.1 Integration Compatibility

    Posted Mon November 16, 2020 09:35 AM
    Hello Ahmed,

    You are correct, the 1.1.0 version of the Resilient Add-on for Splunk that we released has only been tested on Splunk 8. There were a lot of fixes that went into that version, so if you are planning to upgrade to Splunk 8 I would highly recommend that you go to 1.1 of our add-on as well.

    Your environment (Splunk 7.x and ES 5.x) does appear to be supported, however. What error are you getting? I advise you to check $SPLUNK_HOME/var/log/splunk/resilient_modalert.log .

    For the Resilient side, we offer the Resilient-Splunk Datafeeder:
    https://exchange.xforce.ibmcloud.com/hub/extension/85297f1b0f26f79a488991806382fde3
    and a Splunk integration:
    https://exchange.xforce.ibmcloud.com/hub/extension/824f209c87ee6252a65f0e4471210848

    Cheers,
    Brian

    ------------------------------
    Brian Reid
    ------------------------------
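
The reply above points at $SPLUNK_HOME/var/log/splunk/resilient_modalert.log as the place to find out why notable events stop escalating after an upgrade. As an added example that is not part of the thread and not IBM's or Splunk's code, the POSIX shell snippet below reads that log, counts ERROR/CRITICAL lines and groups the distinct error messages by frequency, so a single root cause (a rejected API key, an unreachable host) stands out from the noise of successful escalations. The log line format in the constructed sample is an assumption for the demonstration; the real add-on's format may differ, so adjust the `cut` field if the level does not sit in the third column.

```shell
#!/bin/sh
# Added example, not code from the Resilient add-on or from Splunk.
# Summarise failed escalations recorded in the add-on's modular alert log.
# The sample log lines below are constructed; the "date time LEVEL message"
# layout is assumed and may not match the real product's format.

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
MODALERT_LOG="$SPLUNK_HOME/var/log/splunk/resilient_modalert.log"

# Write a constructed sample log to a temp file and print its path, so the
# functions below can be exercised without a Splunk installation.
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
2020-11-13 09:01:12,001 INFO Received notable event from ES: rule=Brute Force Attempt
2020-11-13 09:01:12,530 ERROR Failed to create incident: HTTP 401 Unauthorized
2020-11-13 09:05:40,113 INFO Received notable event from ES: rule=Malware Beacon
2020-11-13 09:05:40,622 INFO Created incident 2291
2020-11-13 09:09:02,004 ERROR Failed to create incident: HTTP 401 Unauthorized
EOF
    echo "$f"
}

# modalert_error_count LOGFILE : number of ERROR/CRITICAL lines (0 if none).
modalert_error_count() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    grep -cE ' (ERROR|CRITICAL) ' "$1" || true
}

# modalert_error_summary LOGFILE : distinct error messages with their counts,
# most frequent first. Fields 1-3 are date, time and level; the rest is the
# message, which is what we group on.
modalert_error_summary() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    grep -E ' (ERROR|CRITICAL) ' "$1" | cut -d' ' -f4- | sort | uniq -c | sort -rn
}

# When the real log is present, report on it; otherwise do nothing so the
# functions above can be sourced or tested in isolation.
if [ -r "$MODALERT_LOG" ]; then
    echo "errors in $MODALERT_LOG: $(modalert_error_count "$MODALERT_LOG")"
    modalert_error_summary "$MODALERT_LOG"
fi
```

Run it on the Splunk search head as the splunk user; an error count of zero while notables still do not appear usually means the alert action never fired (check the correlation search's alert action configuration) rather than a failure talking to Resilient.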