All Apps and Add-ons

Installation Question - Windows Defender ATP Modular Inputs TA

rajanala
Path Finder

On the Splunk side , in a Distributed environment, where should this Windows Defender ATP Modular Inputs TA be installed ?
Only on the Search Heads ?

0 Karma

jnudell_2
Builder

Hi @rajanala ,

It looks like it should be installed on:
A heavy forwarder & search head(s)

It's recommended to put it on a heavy forwarder, where the data will be collected by the modular inputs, and then sent to the indexers. The search heads will need to get a copy for any search-time configurations.

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!