
TA-symantec_atp configuration without UI


Article ID: 214021


Updated On:

Products

Endpoint Detection and Response, Endpoint Protection with Endpoint Detection and Response, Advanced Threat Protection Platform

Issue/Introduction

Is it possible to configure the EDR App for Splunk from the Splunk server CLI?

We want to retrieve incidents and events related to incidents from "TA-symantec_atp" (Symantec EDR manager, not Symantec Email Security.cloud).

We installed this TA on the Search Head, Indexer and Forwarder instances and seek to configure it. But we have no access to the UI of the Splunk Forwarder, and we don't know how to configure it directly via SSH.

We have already configured an OAuth 2.0 client from EDR.

Environment

Release : 1

Component :

Resolution

The EDR App for Splunk supports configuration via the Splunk UI.

Additional Information