Verify requirements
Verify the requirements on this page before you download and install the Anvilogic App for Splunk.
Supported versions
You can integrate the Anvilogic platform with Splunk Enterprise versions 9.0.x and 8.0 - 8.3.x.
Splunk Enterprise Security (ES) versions 5.0 - 7.0.x are supported.
Where to install the app
Install the Anvilogic App for Splunk on your Splunk search head. The server where you install the Anvilogic App for Splunk must meet the following requirements:
The server must be able to connect to https://secure.anvilogic.com over port 443. This is required to download Splunk code and rules metadata.
The server must be able to connect to https://eoi-files.anvilogic.com over port 443.
The server must be able to connect to https://databus.anvilogic.com over port 443 to send events for third party vendor alert integrations.
If you have multiple Splunk Enterprise instances, install the Anvilogic App for Splunk in only one of those environments.
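The following pre-install check is an added example, not part of the Anvilogic documentation or product. Run it on the intended search head to test each endpoint listed above with a verified TLS handshake on port 443, reporting DNS, firewall and certificate-trust failures separately. It assumes direct outbound access (no explicit HTTP proxy) and Python 3; the function names are illustrative.

```python
import socket
import ssl

# Hosts and port come from the requirements list above.
REQUIRED_ENDPOINTS = {
    "secure.anvilogic.com": "Splunk code and rules metadata",
    "eoi-files.anvilogic.com": "purpose not stated on this page",
    "databus.anvilogic.com": "third-party vendor alert events",
}
PORT = 443


def tls_probe(host, port=PORT, timeout=5.0):
    """Connect and complete a TLS handshake with chain and hostname verification."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


def check_endpoint(host, probe=tls_probe):
    """Return (status, detail); subclasses of OSError are matched before OSError."""
    try:
        return ("ok", probe(host))
    except socket.gaierror as exc:
        return ("dns_failure", str(exc))
    except ssl.SSLCertVerificationError as exc:
        # Typical when a TLS-inspecting device re-signs traffic with a CA
        # that this host does not trust.
        return ("tls_untrusted", str(exc))
    except ssl.SSLError as exc:
        return ("tls_error", str(exc))
    except (socket.timeout, TimeoutError):
        return ("timeout", "no reply; packets are probably dropped by a firewall")
    except ConnectionRefusedError:
        return ("refused", "connection actively rejected")
    except OSError as exc:
        return ("network_error", str(exc))


def check_all(probe=tls_probe):
    return {host: check_endpoint(host, probe) for host in REQUIRED_ENDPOINTS}


if __name__ == "__main__":
    results = check_all()
    for host, (status, detail) in results.items():
        print(f"{status:<14} {host}:{PORT}  ({REQUIRED_ENDPOINTS[host]}) {detail}")
    raise SystemExit(0 if all(s == "ok" for s, _ in results.values()) else 1)
```

A `tls_untrusted` result means the network path works but the certificate presented to the search head does not chain to a CA it trusts.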
Splunk Enterprise deployment considerations
For performance considerations, review the following factors in your Splunk Enterprise deployment:
The number of concurrent users.
The number of concurrent searches.
The types of searches used.
See How concurrent users and searches impact performance in the Splunk Enterprise Capacity Planning Manual.
When you deploy threat identifiers on the Anvilogic platform, saved searches are created in your Splunk deployment. You can use cron scheduler recommendations on the Anvilogic platform to manage the load on your Splunk deployment.
Splunk Enterprise resource and hardware considerations
Resource and hardware considerations for the Anvilogic App for Splunk match the recommendations for your Splunk Enterprise deployment. See Reference hardware in the Splunk Enterprise Capacity Planning Manual.
Last updated 1 month ago