Integration between ITMS and Splunk
Article ID: 264112
Updated On:
Products
IT Management Suite
Issue/Introduction
Does ITMS currently provide integration with Splunk?
The customer's security group wants to incorporate Splunk into ITMS but they don't see a Splunk add-on like in SEP (Splunk Add-on for Symantec Endpoint Protection)
They are specifically looking for audit-type events, login, logout, admins making changes, etc. (successful\unsuccessful attempts) to ITMS using a Splunk add-on.
Environment
ITMS 8.6, 8.7
Resolution
Unfortunately, the current way in which we report/format these types of events is not friendly enough for third-party software to use it without some sort of integration. Most of that type of detail is stored in the database from events sent by our client machines or webpage calls (173483 "Using Item Trackers to audit/research who made changes in the Management Console" is how usually we can extract that type of details in our own processes).
Currently, we don't have plans to have some sort of integration with Splunk.
Feedback
Yes
No
Powered by
