Proofpoint - ET Splunk TA: Request for developers ...

wryanthomas · ‎07-04-2019

Dear 'Proofpoint Splunk Integrators', developers of the Proofpoint - ET Splunk TA.

I've been working with Splunk Cloud Support to try to get this TA working for our Security team.

Challenge:
Scripted inputs are not currently allowed on Splunk Cloud Search Heads.
This TA uses scripted inputs to populate the ET lookups directly. Search Heads are where the lookups are needed.
When scripted inputs are not allowed, the initial view of the app does not prompt users for access code (for good reason).
When populating lookups on a heavy forwarder, there is no clear / easy path to getting the lookups (or the ET data) available on the Search Head.

Splunk Support has encouraged me to give feedback / make requests:
* at minimum, provide documentation to acknowledge this challenge and perhaps some guidance on how to work around it.
* update to include a built-in mechanism to allow people in this scenario to get the ET data from a heavy forwarder to a search head.

bwoodberg_proof · ‎07-26-2019

Hi Ryan,

I'm the product manager for the Splunk TA at Proofpoint. This will require an enhancement of the TA. I'm going to put it into an internal enhancement request for consideration of our next update of the app.

Best Regards,
Brad Woodberg

Proofpoint - ET Splunk TA: Request for developers from Splunk Cloud Support

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation