Installation and Usage

Bhavin Patel edited this page Jan 26, 2021 · 3 revisions

The Splunk Security Content can be used via:

Grab the latest release of DA-ESS-ContentUpdate and install it on a Splunk Enterprise instance.

    curl -s https://content.splunkresearch.com | jq
    {
      "hello": "welcome to Splunks Research security content api"
    }

GitHub Workflow

Splunk Security Content can be used from GitHub by executing the following steps:

  1. Clone the Security Content GitHub project.
     git clone git@github.com:splunk/security_content.git
  2. Change the deployment configuration under deployments/ to fit your Splunk environment.
  3. Create a virtualenv and install the requirements.
     pip install virtualenv && virtualenv venv && source venv/bin/activate && pip install -r requirements.txt
  4. Run bin/generate.py with the following command.
     python bin/generate.py --path . --output package -v
  5. Copy the package folder to your Splunk instance.