Is it possible to configure EDR App for Splunk at the Splunk server CLI?
We want to retrieve incidents and events related to incidents from "TA-symantec_atp" (Symantec EDR manager, not Symantec Email Security.cloud).
We installed this TA on the Search Head, Indexer and Forwarder instances and seek to configure it. But we have no access to the UI of the Splunk Forwarder, and we don't know how to configure it directly via SSH.
We have already configured an OAuth 2.0 client from EDR.
Release : 1
EDR App for Splunk supports configuration via Splunk UI.