The PowerConnect Content Pack for Enterprise Security can be installed through Splunkbase and does not require any special configuration.

  • Go to the PowerConnect SAP Content for Enterprise Security | Splunkbase or find the content pack by searching in the “Find More Apps” page of your Splunk installation

  • Install the app

    • On Splunkbase, login to download the app, and upload it to your Splunk installation, or

    • On the “Find More Apps” page of Splunk installation, click to self-service install in your Splunk system

  • Once the app is installed, you can configure and customize the correlation searches as needed!

    • Open the Splunk Enterprise Security app

    • Navigate to “Configure > Content > Content Management”

    • Search for “PowerConnect.” You can use the filter to narrow your search to include correlation searches if you want to only see the content pack.

    • All correlation searches are deactivated by default to allow customers to activate specific searches for their use