It is also necessary to use a Centreon account with either admin privileges or Export configuration and Broker configuration menu access in the WUI, as well as root access in the command-line interface. The Splunk integration requires Splunk Enterprise Edition and an HTTP Event Collector to send the Centreon data.

Splunk UBA warm standby requires Python 3. If the primary and standby Splunk UBA systems are deployed across multiple sites, the standby Splunk UBA system must have its own Splunk Enterprise deployment equivalent to the primary system in order to provide equivalent ingestion throughput. If the Splunk Enterprise deployment is unable to retain raw events for Splunk UBA to re-ingest, the replay cannot be fully performed. The raw events on Splunk Enterprise must be available for Splunk UBA to consume. See Use clusters for high availability and ease of management in the Splunk Enterprise Distributed Deployment Manual. This is required for Splunk UBA to re-ingest data from Splunk Enterprise. The Splunk Enterprise deployment where Splunk UBA pulls data from must also be highly available.

This table identifies the data nodes per deployment: Port 9866 must be open on all the data nodes. Port 22 on all nodes in all deployment sizes must be open for scp and SSH to work. For deployments of 1 - 10 nodes, this is node 1. Port 5432 on the database node in all deployment sizes. Port 8020 on the management node (node 1) in all deployment sizes. The following ports must be open behind the firewall between both the primary and standby cluster: See Network requirements in the Install Splunk User Behavior Analytics manual. The standby system must have the same ports open as the primary system.

See Configure host name lookups and DNS in the Install and Upgrade Splunk User Behavior Analytics manual. The /etc/hosts file on each node in both the standby and primary systems must have the hostnames of all other nodes in both the standby and primary systems.
If you send anomalies and threats from Splunk UBA to Splunk Enterprise Security (ES) using an output connector, see Configure the Splunk platform to receive data from Splunk UBA's output connector in the Send and Receive Data from the Splunk Platform manual to set up the Splunk ES certificate in Splunk UBA. See Request and add a new certificate to Splunk UBA to access the Splunk UBA web interface in the Install and Upgrade Splunk User Behavior Analytics manual. The standby system must have its own certificates that are set up separately from the primary system.

See Install Splunk User Behavior Analytics in the Install and Upgrade Splunk User Behavior Analytics manual and follow the instructions for your deployment and operating system. Across the entire cluster, if applicable. Each node in the standby and primary systems must have passwordless SSH capability to any other node in either system. The standby system must run the same operating system and UBA version as the primary system. Copy the SSH keys from the existing primary Splunk UBA system to all servers in the standby system. The standby system must use the same SSH keys as the primary system.

See Hardware requirements in the Install and Upgrade Splunk User Behavior Analytics manual. See Scaling your Splunk UBA deployment in the Plan and Scale your Splunk UBA Deployment manual. All nodes in the standby system must meet the minimum hardware requirements for all Splunk UBA servers, including allocating enough space on the management node if you are configuring incremental backups. The standby system must have the same number of nodes as the primary system.
Verify that the standby system meets all of the requirements in the table: The standby Splunk UBA system must be configured separately from the primary system and must meet all of the same system requirements. Verify that the following requirements are met in preparation for configuring warm standby for Splunk UBA:

Requirements to set up warm standby for Splunk UBA