Discrepancy between the events shown in the Advanced Threat Protection (ATP) Dashboard and the events Splunk receives.

Article ID: 170396

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

Discrepancy between the events shown in the Advanced Threat Protection (ATP) Dashboard and the events Splunk receives.

Resolution

The ATP Splunk forwarder's event gatherer component queries for all events within a window of 7 days. Anything reported after the 7-day window will not be pulled from the public API. This is by design.