All Apps and Add-ons

Installation Question - Windows Defender ATP Modular Inputs TA

rajanala
Path Finder

On the Splunk side , in a Distributed environment, where should this Windows Defender ATP Modular Inputs TA be installed ?
Only on the Search Heads ?

0 Karma

jnudell_2
Builder

Hi @rajanala ,

It looks like it should be installed on:
A heavy forwarder & search head(s)

It's recommended to put it on a heavy forwarder, where the data will be collected by the modular inputs, and then sent to the indexers. The search heads will need to get a copy for any search-time configurations.

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...