Access Splunk app for Cloud Connect on Splunkbase to access Cloud extensions

Use Splunk app for Cloud Connect on Splunkbase to connect on-premises instances of Splunk Enterprise Security to cloud-native, SCS-hosted, or Splunk-managed security extensions such as Threat Intelligence Management (TIM) and Detection Studio (DS).

If you have Read Only access for Cloud Connect, you can view the Cloud product connection details and status with the cloud_connection_product_get capability. If you have full Cloud Connect access, you have the following capabilities:
  • cloud_connection_product_get
  • license_read
  • license_edit
Perform the following tasks to use Splunk app for Cloud Connect on Splunkbase to access specific Cloud features:
  1. Download Splunk app for Cloud Connect from Splunkbase
  2. Install Splunk app for Cloud Connect
  3. Set up Splunk app for Cloud Connect on the app

Download Splunk app for Cloud Connect from Splunkbase

Follow these steps to download the app:
  1. Access Splunkbase (https://splunkbase.splunk.com/), search for Splunk Cloud Connect, and log in with your access credentials.
  2. Select Download to download the app file.
    Note: Ensure that the Splunk app for Cloud Connect is the most recent version from Splunkbase.

Install Splunk app for Cloud Connect

Prerequisites
  • You must use your Splunk.com account credentials, which may differ from your local Splunk instance login.
  • You must have admin or sc_admin roles to install apps.
  • You must have Splunk Enterprise Security version 8.5 or higher to use these extensions.
Note: For more information, see Install apps in Splunk Platform deployments.
  1. Open Splunk Web and log in to your Splunk instance.
  2. Navigate to Apps and select the gear icon for Manage Apps.
  3. Select Install app from file.
  4. Select Choose File and select the downloaded package, and then select Upload.
  5. Restart your Splunk instance when prompted to complete the installation.

Set up Splunk app for Cloud Connect on the app

Follow these steps to set up Splunk Cloud Connect using the app to access specific Cloud features:
  1. Access the Splunk app for Cloud Connect on Splunk Web.
  2. In the Set up Cloud Connected window, select the region from the drop-down list based on where you want your cloud tenant to be located. For example, US-West, US-East, and so on.
  3. Specify the requested name of your Cloud tenant. For example: cmp-mytenant-01
  4. Specify the email address where a verification code can be sent for authentication.
    Note: The email address must be associated with your SFDC account that is tied to your Splunk license.
  5. Select Submit.
  6. Check your email for the one-time 36-digit verification code.
    Note: Requesting that the verification code be resent increments the tenant name by a single digit. When you request the verification code for the first time, the request includes the tenant name as follows: cmp-<user entered string for tenant>-01. When you request the verification code again, the tenant name whose OTP you used to establish trust with Splunk Cloud Services (SCS) is incremented by a single digit.
  7. Enter the one-time verification code that you received in your email.
  8. Select Submit to establish connection.
    Note: If there is an error during health checks, a temporary error log is added, which must be deleted from the disk. The format of the error is as follows:
      ERROR utils.scs_utils: Failed to delete temporary key file /tmp/tmpx7k2m_9q.pem: <ERROR MSG>; manual cleanup may be needed.
    If the authentication process is successful, your Cloud connection is activated and your Cloud resources are provisioned.
  9. After the connection is established, use the Cloud Connect overview to identify Cloud-specific extensions from the available list of features that you can activate for use. For example, Detection Studio or Splunk Enterprise AI Assistant for SPL (SAIA).
  10. Select Activate to turn on the specific feature that you want to use.
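
The note under step 8 asks for manual cleanup when a temporary key file cannot be deleted. The following is an added example, not code from Splunk or from the app: it extracts the file paths from error lines in the quoted format and removes only regular files that sit directly in an allowed temporary directory. The function names, the status strings, and the assumption that you supply the log lines yourself (the page does not say which log file holds them) are illustrative.

```python
import os
import re

# Error format quoted in the note under step 8; text before "ERROR" is ignored.
LEFTOVER_RE = re.compile(
    r"ERROR utils\.scs_utils: Failed to delete temporary key file "
    r"(?P<path>\S+?\.pem): .*?; manual cleanup may be needed"
)

def leftover_key_files(log_lines):
    """Return unique key-file paths named in matching error lines, in log order."""
    paths = []
    for line in log_lines:
        m = LEFTOVER_RE.search(line)
        if m and m.group("path") not in paths:
            paths.append(m.group("path"))
    return paths

def cleanup(paths, allowed_dir, dry_run=True):
    """Remove leftover key files; log text is untrusted, so only regular files
    located directly in allowed_dir are touched. Returns {path: status}."""
    root = os.path.realpath(allowed_dir)
    status = {}
    for p in paths:
        if os.path.dirname(os.path.realpath(p)) != root:
            status[p] = "outside-allowed-dir"
        elif not os.path.lexists(p):
            status[p] = "already-gone"
        elif os.path.islink(p) or not os.path.isfile(p):
            status[p] = "not-a-regular-file"
        elif dry_run:
            status[p] = "would-delete"
        else:
            os.remove(p)
            status[p] = "deleted"
    return status

if __name__ == "__main__":
    # Constructed sample lines; the timestamp prefix and error text are made up.
    sample = [
        "2025-01-01 12:00:00 ERROR utils.scs_utils: Failed to delete temporary key "
        "file /tmp/tmpx7k2m_9q.pem: [Errno 13] Permission denied; manual cleanup may be needed.",
        "2025-01-01 12:00:01 INFO utils.scs_utils: health check finished",
    ]
    found = leftover_key_files(sample)
    print(cleanup(found, "/tmp"))  # dry run: reports status, deletes nothing
```

Run it with dry_run=True first and review the reported statuses before deleting anything.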