So we have written the upgrade codes, and now we can upgrade X number of SAP applications and databases as needed. We do have various other stuff as well, like upgrades. So it is just not limited to all those shutdowns and this. In our environment, we have SAP applications, and SAP has its own commands to shut down the applications, databases, et cetera. Earlier, when we used to have to manage it manually, when we shut down the application, it used to take a lot of time. The workflow has been created in such a way that it helps us. It means that we can just call that script, and it gets triggered on the particular server, and it shuts down. We shut down all our different applications by writing our code in the shell languages, and we upload through GitHub. We do have our own data center where we have our maintenance on the infrastructure side, and the application has to be brought down. We are using it for various purposes like maintenance. We are not using it just for security purposes. See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search manual. Basically, we are using it for most of our automation, and not as per the SOAR, although it is a SOAR application.

Use the search head cluster deployer to distribute the add-on across search head cluster members. Use the table to check the compatibility of the Splunk Phantom App for Splunk with Splunk Enterprise distributed deployment features. The add-on does not contain inputs for forwarder data collection. The add-on provides an nf file to create the phantom_modalert index. Use the table to determine where to install the Splunk Phantom App for Splunk in a distributed Splunk Enterprise deployment. Where to install the app in a distributed deployment Use the tables below to determine where and how to install the Splunk Phantom App for Splunk in a distributed Splunk Enterprise deployment.
Install the Splunk Phantom App for Splunk in a distributed Splunk Enterprise environment Restart Splunk Enterprise for the changes to take effect. Edit the $SPLUNK_HOME/etc/system/local/nf file. See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search manual. Authorize the Splunk Phantom App for Splunk in the Splunk cluster captain node's nf file so that configuration changes made to the Splunk Phantom App for Splunk can be replicated within the search head cluster. Use a deployer to install the Splunk Phantom App for Splunk in a search head cluster environment. Install the Splunk Phantom App for Splunk in a search head cluster You can also search for and download the Splunk Phantom App for Splunk within Splunk Enterprise. Confirm that you want to restart Splunk Enterprise to complete the installation. Upload the Splunk Phantom App for Splunk file you downloaded earlier in this procedure. In the apps panel, click the gear icon. Log into your Splunk platform instance. Download Splunk Phantom App for Splunk from Splunkbase. To install the Splunk Phantom App for Splunk on a single search head, follow these steps: Install the Splunk Phantom App for Splunk on a single search head Install the Splunk Phantom App for Splunk on a single search head, search head cluster environment, or distributed Splunk Enterprise deployment. Playbooks can serve many purposes, ranging from automating minimal investigative tasks that can speed up analysis to large-scale responses to a security breach. Install the Splunk Phantom App for Splunk on Splunk Enterprise The Splunk Phantom Automation API allows security operations teams to develop detailed and precise automation strategies.