Set up an Adaptive Response relay from a Splunk Cloud Platform Enterprise Security search head to an on-premises device

Splunk Cloud Platform customers can utilize Adaptive Response actions in Splunk Enterprise Security (ES) without exposing infrastructure controls and administration to the open internet. Adaptive response relay allows adaptive response actions to queue on the Splunk Cloud Platform ES search head. These queued actions store metadata and search results that allow a separate proxy component to execute those adaptive response actions from within the on-premises environment.

You must install Splunk Enterprise Security on the heavy forwarder prior to configuring it for Adaptive Response actions.

You need to perform the following steps to set up Adaptive Response actions:

Install the technology add-on for Adaptive Response on your heavy forwarder.
Configure your Splunk Cloud Platform ES search head with an API key.
Configure your on-premises heavy forwarder with an API key.
Configure your on-premises heavy forwarder with a modular action relay.
Configure your Splunk Cloud Platform ES search head with a modular action worker.
Configure adaptive response actions for your Splunk Cloud Platform ES search head.