All Apps and Add-ons

Tenable Add-On For Splunk: Limit collection time range on Security Center input

Ultra Champion

I have been looking at this TA as a replacement for the Splunk provided TA, since this gives slightly more control.

One major problem I have is that the SC input type does not allow you to specify an 'earliest' time from which to retrieve records.
Strangely the IO input does support this parameter!

Given a long history of records for the same sourcetype (thanks for keeping it consistent), having to import all the records again is duplicating, time consuming & licence impacting.

Is there a way by which I can limit the time range that the new TA will attempt to retrieve SC data, as you can for IO?

If my comment helps, please give it a thumbs up!
0 Karma