All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Installation Question - Windows Defender ATP Modular Inputs TA

rajanala
Path Finder
‎06-14-2019 09:25 AM

On the Splunk side , in a Distributed environment, where should this Windows Defender ATP Modular Inputs TA be installed ?
Only on the Search Heads ?

0 Karma
Reply

jnudell_2
Builder
‎06-14-2019 09:40 AM

Hi @rajanala ,

It looks like it should be installed on:
A heavy forwarder & search head(s)

It's recommended to put it on a heavy forwarder, where the data will be collected by the modular inputs, and then sent to the indexers. The search heads will need to get a copy for any search-time configurations.

0 Karma
Reply
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Get Updates on the Splunk Community!