Getting Data In

McAfee ePO Splunk Cloud

N3Char
New Member

Hello!

We want to integrate McAfee ePO into a Splunk Cloud, but we only found tutorials on syslogging data. I've been looking and I don't think it's possible to syslog in to Splunk Cloud.

How can we do it?

 

Thanks!

Labels (1)
0 Karma

johnansett
Communicator

If this is coming from onpremise ePO then yes, syslog is your answer. There is a TA you'll want to request installation in Splunk Cloud.  From your onpremise requirement, you'll need syslog and a UF to forward.  However, the easiest solution would be just to use SplunkConnect4Syslog (SC4S):

https://splunkbase.splunk.com/app/4740/

 

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The usual ways I've seen for onboarding EPO data are DB Connect and syslog.  Both have to be done on an on-prem heavy forwarder that does the onboarding and forwards the data to Splunk Cloud.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...