Hi,
I am fairly new to Splunk but have worked on Symantec DLP.
I would like to know how we can send DLP incidents from DLP to Splunk.
There's an app for that. https://splunkbase.splunk.com/app/3029/
Yes, I have installed the app in Splunk web.
However, I am not sure how to configure the DLP side to send incidents to this app. I have configured a TCP input on Splunk too (port 514) and a response rule in DLP with the following details:
Host: