Symantec’s integration via Splunk Apps provides a clear dashboard for security operations allowing rapid investigation for advanced persistent threats.

Apps were tested on Splunk Enterprise 6.5.0 or later.  

Visit the Symantec enterprise apps for Splunk page. Splunk apps are currently available for the following:

• Endpoint Detection & Response (EDR)
• Email Security.cloud
• Integrated Cyber Defense Exchange (ICDx)
• ProxySG
• Web Security Service (WSS)
• Web Application Firewall (WAF)

Note: While Splunk apps are freely downloadable and editable, they are unsupported by Symantec and are provided to assist with Splunk integration efforts.