Integration between ITMS and Splunk
search cancel

Integration between ITMS and Splunk

book

Article ID: 264112

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Does ITMS currently provide integration with Splunk?

The customer's security group wants to incorporate Splunk into ITMS but they don't see a Splunk add-on like in SEP (Splunk Add-on for Symantec Endpoint Protection)

They are specifically looking for audit-type events, login, logout, admins making changes, etc. (successful\unsuccessful attempts) to ITMS using a Splunk add-on.

Environment

ITMS 8.6, 8.7

Resolution

Unfortunately, the current way in which we report/format these types of events is not friendly enough for third-party software to use it without some sort of integration.  Most of that type of detail is stored in the database from events sent by our client machines or webpage calls (173483 "Using Item Trackers to audit/research who made changes in the Management Console" is how usually we can extract that type of details in our own processes). 
 
Currently, we don't have plans to have some sort of integration with Splunk.