All Apps and Add-ons

Splunk DB Connect: How to get McAfee ePO audit logs into Splunk?

timm747747
Path Finder

Has anyone been successful in getting McAfee ePO audit log information into Splunk? We are using DB Connect and are getting client events, but the audit logs (i.e., Deploying EE to 164 computers, Moved 3 systems, etc) are in a different table. I have the DB schema, but I'm not finding the ePO event info and it appears that there may be several table joins and lookups to get the information into one screen.

Thanks for any info you can provide.

Tim

0 Karma

timm747747
Path Finder

The table is called EPOProductEventsMT. Using the data in this table you can write alerts when epo changes are deployed.

0 Karma

ggb667
New Member

Does that mean I have to use DBConnect to obtain this information?

0 Karma

trross33
Path Finder

I am also looking to accomplish this. Is there any update?

0 Karma

hemant1989
New Member

Did you got any solution to this...even i am facing the same issue.

0 Karma
Get Updates on the Splunk Community!

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...