Symantec’s integration via Splunk Apps provides a clear dashboard for security operations, allowing rapid investigation of advanced persistent threats.
Apps were tested on Splunk Enterprise 8.1 or later.
Apps can interface with Endpoint Detection and Response, Email security cloud, ProxySG Software, Cloud Secure Web Gateway and Web Application Firewall.
Visit the Symantec enterprise apps for Splunk page. Splunk apps are currently available for the following:
Note: While Splunk apps are freely downloadable and editable, they are unsupported by Symantec and are provided to assist with Splunk integration efforts.