Installation steps: SAP PowerConnect Content Pack for Splunk Enterprise Security

The PowerConnect Content Pack for Enterprise Security can be installed through Splunkbase and does not require any special configuration.

• Go to the PowerConnect SAP Content for Enterprise Security | Splunkbase or find the content pack by searching in the “Find More Apps” page of your Splunk installation

• Install the app

  • On Splunkbase, login to download the app, and upload it to your Splunk installation, or

  • On the “Find More Apps” page of Splunk installation, click to self-service install in your Splunk system

• Once the app is installed, you can configure and customize the correlation searches as needed!

  • Open the Splunk Enterprise Security app

  • Navigate to “Configure > Content > Content Management”

  • Do one of the following to narrow the view to the content pack:

    • Search “PowerConnect”

      Open

      

    • Under the App filter, select “PowerConnect SAP Content for Enterprise Security”

      Open

      

  • Activate the desired group of correlation searches by clicking “Enable” or “Disable” in the Actions column.

  • All correlation searches are deactivated by default to allow customers to activate specific searches for their use

CONTENT PACK VERSION 1.0.0 ONLY

A misconfiguration in the release has caused all correlation searches to be treated as orphaned searches. They will not run without being assigned to an owner. For more information on resolving this issue, see https://powerconnect.atlassian.net/wiki/spaces/POW/pages/3343581199.