All Apps and Add-ons

Proofpoint - ET Splunk TA: Request for developers from Splunk Cloud Support

wryanthomas
Communicator

Dear 'Proofpoint Splunk Integrators', developers of the Proofpoint - ET Splunk TA.

I've been working with Splunk Cloud Support to try to get this TA working for our Security team.

Challenge:
Scripted inputs are not currently allowed on Splunk Cloud Search Heads.
This TA uses scripted inputs to populate the ET lookups directly. Search Heads are where the lookups are needed.
When scripted inputs are not allowed, the initial view of the app does not prompt users for access code (for good reason).
When populating lookups on a heavy forwarder, there is no clear / easy path to getting the lookups (or the ET data) available on the Search Head.

Splunk Support has encouraged me to give feedback / make requests:
* at minimum, provide documentation to acknowledge this challenge and perhaps some guidance on how to work around it.
* update to include a built-in mechanism to allow people in this scenario to get the ET data from a heavy forwarder to a search head.

0 Karma

bwoodberg_proof
New Member

Hi Ryan,

I'm the product manager for the Splunk TA at Proofpoint. This will require an enhancement of the TA. I'm going to put it into an internal enhancement request for consideration of our next update of the app.

Best Regards,
Brad Woodberg

0 Karma
Get Updates on the Splunk Community!

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...