Splunk shows critical in Advance Threat Protection (ATP) User Interface (UI).

Article ID: 170831

Products

Advanced Threat Protection Platform

Issue/Introduction

ATP UI shows a Red Critical on the Splunk connector.

Resolution

This issue has been fixed in the ATP 3.1.0 build; please upgrade to ATP 3.1.0 or later.

Workaround:

  1. Log into the ATP UI and click Settings -> Data Sharing.
  2. Uncheck "Enable" for "Splunk Event Forwarding".
  3. Edit the Splunk Event Forwarding settings.
  4. Expand "Show Filters" and change the "Event Forwarded From" date to the previous day.
  5. Save the setting and check the Enable box to activate the Splunk connection.
  6. The connector status should change to a healthy green.
  7. Monitor for a week to make sure that the Splunk server is receiving data.