Discrepancy between the events shown in the Advanced Threat Protection (ATP) Dashboard and the events Splunk receives
Article ID: 170396
Products
Endpoint Detection and Response
Advanced Threat Protection Platform
Issue/Introduction
The events shown in the Advanced Threat Protection (ATP) Dashboard do not match the events Splunk is receiving.
Resolution
The ATP Splunk forwarder's event gatherer component queries for all events within a 7-day window. Anything reported after the 7-day window will not be pulled from the public API. This is by design.