Discrepancy of the events from what shows in the Advance Threat Protection (ATP) Dashboard and what Splunk is getting.
Article ID: 170396
Updated On:
Products
Endpoint Detection and Response
Advanced Threat Protection Platform
Issue/Introduction
Discrepancy of the events from what shows in the Advance Threat Protection (ATP) Dashboard and what Splunk is getting.
Resolution
ATP splunk forwarder's event gatherer component queries for all events within a window on 7 days. Anything reported after the 7th day window will not be pulled from public API. This is by design.
Feedback
Yes
No
Powered by
