Splunk Required Apps and Add-ons

Minimum requirements

The OT Add-on for Splunk works on both on-premises Splunk Enterprise and Splunk Cloud instances.

Minimum requirements to use the OT Add-on for Splunk are:

  • Splunk Enterprise 8.0.x or greater
  • Splunk Enterprise Security 7.0.x or greater
  • Splunk Common Information Model 5.0 or greater

In addition, Splunk Enterprise Security must already be installed and configured before the OT Security Add-on is installed. This guide assumes that Splunk Enterprise Security has been installed and pre-configured.

Recommendations

Recommended requirements to use the OT Add-on for Splunk are:

  • Splunk Enterprise 9.1.x or greater
  • Splunk Enterprise Security 7.1.x or greater
  • Splunk Common Information Model 5.1.x or greater
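Before installing, it is worth confirming the three versions above programmatically rather than by eye. The following is an added example, not code from Splunk or from the OT Add-on: it reads the versions from the Splunk REST API (the `/services/server/info` endpoint for Splunk Enterprise, and the `/services/apps/local/<app>` entries for the Enterprise Security app `SplunkEnterpriseSecuritySuite` and the CIM add-on `Splunk_SA_CIM`), compares them against the minimum and recommended versions listed on this page, and reports whether the instance is ready. The sample JSON responses embedded in it are constructed, the live-fetch helper assumes a Splunk authentication token (bearer auth) and a management TLS certificate the client trusts, and the host name `splunk.example` is a placeholder.

```python
import json
import re
import urllib.error
import urllib.request

# Minimum and recommended versions quoted on this page, as (major, minor) tuples.
# "8.0.x or greater" is treated as "at least 8.0".
REQUIREMENTS = {
    "splunk": {"minimum": (8, 0), "recommended": (9, 1)},
    "es":     {"minimum": (7, 0), "recommended": (7, 1)},
    "cim":    {"minimum": (5, 0), "recommended": (5, 1)},
}

# Splunk REST resources that report each component's version. The app IDs are the
# installed directory names of Enterprise Security and the CIM add-on.
RESOURCES = {
    "splunk": "/services/server/info",
    "es":     "/services/apps/local/SplunkEnterpriseSecuritySuite",
    "cim":    "/services/apps/local/Splunk_SA_CIM",
}

# Constructed sample responses (output_mode=json), not captured from a real instance.
# None stands for the HTTP 404 Splunk returns when an app is not installed.
SAMPLE_RESPONSES = {
    "splunk": '{"entry": [{"name": "server-info", "content": {"version": "9.1.2"}}]}',
    "es":     '{"entry": [{"name": "SplunkEnterpriseSecuritySuite", "content": {"version": "7.0.2"}}]}',
    "cim":    None,
}


def parse_version(text):
    """'9.1.2' -> (9, 1, 2). Every numeric field is kept; tuple comparison then
    orders versions correctly, and (9, 1, 2) >= (8, 0) holds as expected."""
    return tuple(int(n) for n in re.findall(r"\d+", text))


def extract_version(body):
    """Pull content.version out of a Splunk REST JSON response."""
    return json.loads(body)["entry"][0]["content"]["version"]


def versions_from_responses(responses):
    """Map component -> version string (None where the resource returned 404)."""
    return {name: (extract_version(body) if body is not None else None)
            for name, body in responses.items()}


def check_prerequisites(versions):
    """Classify each component as missing, below minimum, meets minimum or meets recommended."""
    status = {}
    for name, req in REQUIREMENTS.items():
        raw = versions.get(name)
        if raw is None:
            status[name] = "missing"
            continue
        v = parse_version(raw)
        if v < req["minimum"]:
            status[name] = "below minimum"
        elif v < req["recommended"]:
            status[name] = "meets minimum"
        else:
            status[name] = "meets recommended"
    return status


def ready_to_install(versions):
    """True only when every component is present and at least at its minimum version."""
    return all(s in ("meets minimum", "meets recommended")
               for s in check_prerequisites(versions).values())


def fetch_version(base_url, token, resource):
    """Query a live management port, e.g. base_url='https://splunk.example:8089'
    (placeholder host). Assumes a Splunk authentication token sent as
    'Authorization: Bearer' and that the management TLS certificate is trusted
    by this client. Returns None on 404 (app not installed)."""
    req = urllib.request.Request(f"{base_url}{resource}?output_mode=json",
                                 headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return extract_version(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


if __name__ == "__main__":
    # Offline run over the constructed responses; swap in fetch_version() for a live check.
    found = versions_from_responses(SAMPLE_RESPONSES)
    for name, state in check_prerequisites(found).items():
        print(f"{name:7s} {found[name] or '-':8s} {state}")
    print("ready to install OT Add-on:", ready_to_install(found))
```

In the constructed run the instance is on a recommended Splunk release, has an Enterprise Security release that only meets the minimum, and has no CIM add-on at all, so the check reports it as not ready. Against a real instance, replace the sample responses with `fetch_version(base_url, token, RESOURCES[name])` for each component; do not disable certificate verification to get past Splunk's default self-signed management certificate, add it to the client's trust store or replace it instead.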

App/Add-on Requirements

Several apps are leveraged by the Splunk OT Security App to provide additional insights via visualizations. The following apps should be installed on the host where the OT Security Add-on is being used:

OT Security Technology Apps and Add-ons

OT Security tools provide information on what devices and protocols are in use and, in some cases, can detect changes to these devices or provide threat intelligence. In addition, these tools often provide visibility into specific OT protocols and devices such as PLCs and RTUs. They typically use appliances placed at critical segments of the network to monitor the traffic crossing those segments. In most cases monitoring is passive, although several products now offer active monitoring of assets by speaking native OT protocols to the devices.

The intelligence and information provided by these solutions can be critical in identifying OT assets and supply valuable context about them. Splunk lets a customer monitor the entire OT environment, including the critical IT infrastructure and networks that support it, and extends visibility across both IT and OT environments and OT devices.

When possible, use these apps or add-ons: they provide mapping to the OT Security Add-on out of the box, although it is always best to consult the respective product's documentation for details on data integration and the data sources it provides to Splunk.