topic Re: How to pull logs from Symantec Protection Engine? in Monitoring Splunk

How to pull logs from Symantec Protection Engine?

vrattlesnake — Tue, 27 Nov 2018 05:26:22 GMT

Can we pull the logs from Splunk end instead of sending them from Symantec Protection Engine using a third party tool? I know it is possible using QRadar, not sure how it works on Splunk.

Re: How to pull logs from Symantec Protection Engine?

inventsekar — Tue, 27 Nov 2018 07:24:53 GMT

Can we pull the logs from Splunk end instead of sending them from Symantec Protection Engine using a third party tool?
Not sure of this above sentence.

Please update us - you would like to send data
from Symantec Protection Engine to Splunk?
or
from Splunk to Symantec Protection Engine?

Re: How to pull logs from Symantec Protection Engine?

vrattlesnake — Tue, 27 Nov 2018 07:43:52 GMT

QRadar has the ability to gather logs from sources (like SPE). I believe its using API. Is there something similar for Splunk?

Re: How to pull logs from Symantec Protection Engine?

inventsekar — Tue, 27 Nov 2018 08:30:18 GMT

QRadar has the ability to gather logs from sources (like SPE)///
Yes, Splunk has the same ability.

You can install a splunk universal forwarder on a host and configure it to collect logs. most of the famous appliances/applications are having their own custom built "splunk apps", which will do most of the collection and configuration tasks.

Please check these -

https://splunkbase.splunk.com/app/2772/

https://www.symantec.com/connect/groups/symantec-apps-splunk

As you are a new user to Splunk Answers, you can upvote the answers/comments,
if this answer resolved your query, you can select this answer and "accept" it as the answer, so that this question will be moved to answered queue. Happy Splunking!

Re: How to pull logs from Symantec Protection Engine?

vrattlesnake — Tue, 27 Nov 2018 10:11:06 GMT

https://splunkbase.splunk.com/app/2772/
this is for SEP not SPE.

https://www.symantec.com/connect/groups/symantec-apps-splunk
I dont see SPE in this. So i guess Splunk forwarder is how i should proceed. I will look into it. Thanks.

Re: How to pull logs from Symantec Protection Engine?

inventsekar — Tue, 27 Nov 2018 10:45:36 GMT

yep, if you can install a splunk universal forwarder(UF), you can do all pull all kinds of logs.
(i didnt know Symantec Protection Engine, otherwise, i should have suggested Splunk UF at first itself).
maybe, please accept this as the answer, so that this question will be moved from unanswered to answered. thanks.

Re: How to pull logs from Symantec Protection Engine?

vrattlesnake — Tue, 04 Dec 2018 08:11:51 GMT

Thank you.