TA-symantec_atp configuration without UI
search cancel

TA-symantec_atp configuration without UI


Article ID: 214021


Updated On:


Endpoint Detection and Response Endpoint Protection with Endpoint Detection and Response Advanced Threat Protection Platform


Is it possible to configure EDR App for Splunk at the splunk server cli?

We want retrieve incident and events related to incidents from "TA-symantec_atp". (Symantec EDR manager, not Symantec Email Security.cloud)0

We installed this TA on Search Head, Indexer and Forwarder instance and seek to configure it. But we have no access to UI of Splunk Forwarder, and we don't know how to configure it directly via ssh.

We have already configured OAuth 2.0 client from EDR.



Release : 1

Component :


EDR App for Splunk supports configuration via Splunk UI. 

Additional Information