Splunk shows critical in Advanced Threat Protection (ATP) User Interface (UI).
Article ID: 170831
Products
Advanced Threat Protection Platform
Issue/Introduction
ATP UI shows a Red Critical on the Splunk connector.
Resolution
This issue has been fixed in the ATP 3.1.0 build. Upgrade to ATP 3.1.0 or later.
Workaround:
- Log in to the ATP UI and click Settings -> Data Sharing -> .
- Uncheck "Enable" for "Splunk Event Forwarding".
- Edit the Splunk Event Forwarding.
- Expand "Show Filters" and change the "Event Forwarded From" date to the day before.
- Save the setting and check the "Enable" box to activate the Splunk connection.
- You should get a Healthy Green status.
- Monitor for a week to make sure that the Splunk server is receiving data.