Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

McAfee ePO Splunk Cloud

N3Char
New Member
‎11-29-2021 02:13 AM

Hello!

We want to integrate McAfee ePO into a Splunk Cloud, but we only found tutorials on syslogging data. I've been looking and I don't think it's possible to syslog in to Splunk Cloud.

How can we do it?

 

Thanks!

0 Karma
Reply

johnansett
Communicator
‎12-08-2021 12:51 PM

If this is coming from onpremise ePO then yes, syslog is your answer. There is a TA you'll want to request installation in Splunk Cloud.  From your onpremise requirement, you'll need syslog and a UF to forward.  However, the easiest solution would be just to use SplunkConnect4Syslog (SC4S):

https://splunkbase.splunk.com/app/4740/

 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-29-2021 08:11 AM

The usual ways I've seen for onboarding EPO data are DB Connect and syslog.  Both have to be done on an on-prem heavy forwarder that does the onboarding and forwards the data to Splunk Cloud.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Brute Force Account Takeover Fraud with Splunk

This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...

Buttercup Games: Further Dashboarding Techniques (Part 9)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games: Further Dashboarding Techniques (Part 8)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top