According to some other questions, Splunk Enterprise Security comes with SEP TA Addon with syslog support.
Any plans to release this for the rest of us?
Kind regards
Newer SEP Versions allow sending data via Syslog.
Only the little outdated Splunk App is not so nice.
TA-sep used to be bundled with Splunk Enterprise Security a few years ago, but it has been replaced with the Splunk Add-on for Symantec Endpoint Protection, which is Splunk-supported and available to everyone here: https://splunkbase.splunk.com/app/2772/.
The add-on collects data by monitoring local dump files locally.
Any plans to add syslog support for the SEP logs?