Is it possible to configure EDR App for Splunk at the splunk server cli?
We want retrieve incident and events related to incidents from "TA-symantec_atp". (Symantec EDR manager, not Symantec Email Security.cloud)0
We installed this TA on Search Head, Indexer and Forwarder instance and seek to configure it. But we have no access to UI of Splunk Forwarder, and we don't know how to configure it directly via ssh.
We have already configured OAuth 2.0 client from EDR.
Release : 1
EDR App for Splunk supports configuration via Splunk UI.