Sandbox setting changes show as 'Splunk configuration' events in Endpoint Detection and Response

search cancel

Sandbox setting changes show as 'Splunk configuration' events in Endpoint Detection and Response

book

Article ID: 176188

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

Symantec Endpoint Detection and Response (SEDR) logging may incorrectly show Sandbox configuration events as "Splunk configuration" events when configured with a Splunk connector and a Content Analysis Server/Malware Analysis (CAS/MA) solution, instead of the cloud-based Symantec Cynic offering.

Environment

SEDR 4.2.0

Resolution

This issue will be resolved in the upcoming 4.3 release of Symantec Endpoint Detection and Response.

Feedback

thumb_up Yes

thumb_down No