Introduction

In This Section:

Prerequisites and Requirements

Installing Dependencies

This document provides step-by-step instructions to install, configure, and troubleshoot the Check Point Adaptive Response (AR) Add-on for Splunk Enterprise with the Enterprise Security App.

The integration is in two parts:

  1. The Splunk AR Add-on is installed on the Splunk server.
  2. Splunk sends the IOC (indicators of compromise) files to the gateway via SSH. The gateway then enforces them.

The installation and configuration process happens on both the Splunk Server and the Security Gateway.

Download the Check Point Adaptive Response Add-on for Splunk bundle from Splunkbase. The bundle creates the required alert action for Splunk Enterprise users as well as for Splunk Enterprise Security App users. It also contains a configuration page for the details of the destination machine to which the files are transferred.

Prerequisites and Requirements