Install and Configuration Steps for Essential 8¶

Where to Install Compliance Essentials¶

The Application should be installed on the Search Head, either through the UI via “Manage Apps” or by extracting the archive into /opt/splunk/etc/apps folder.

Fresh Install and Setup Steps¶

Download Compliance Essentials for Splunk

1. Install App Dependencies:

   • Data Mapping (Required)
     • Install Common Information Model (CIM)
     • Data sources should be mapped to CIM.
     • Ensure utilized data models are accelerated as expected (recommend >=30 days acceleration in a similar fashion to a standard ES implementation).
     • For examples of Data Sources, navigate to Data Souce Examples.
   • Apps used for Visualizations:
     • Splunk Sankey Diagram
     • Horseshoe Meter
     • Punchcard App
     • Machine Learning Toolkit (MLTK): used for limited anomaly functions and visualizations
     • Python for Scientific Computing: required for MLTK
   • Optional: recommend installing the Lookup File Editor for easier import and modification to KV Store collections

2. Select Framework(s): Navigating to the app after a fresh install will direct you to the App Initial Setup Page. Once a framework or selection of frameworks are selected, a prompt will appear to navigate you to the Domain Overview Page.

1. Setup Default Levels Navigate to the “Practice Family Collection Setup” page to set up default level selection. Level Cards that are selected will be displayed by default in the Practice Overview Page.

2. Enrich lookups used to filter dashboard: Throughout the solution, individual dashboards may be subject to specific requirements, values / ranges / averages. These dashboards utilize lookups and KV Store collections to enrich and filter datasets. Enrich the following lookups listed on Dashboard Lookups page.

3. Add panels to dashboards: The solution includes 300+ panels that can be added to dashboards through the Custom Content Page, or through the “Add Panels” button on each practice dashboard. For setup instructions visit the Add Content to Dashboard Page

4. Setup Multi-Systems (Optional): To setup multiple systems (e.g. a system for each sub-organization) visit the Multi-System Setup page.

5. Start creating audit and assessment entries: Visit the Essential 8 Dashboards page to learn more.