Getting Data In

McAfee ePO Splunk Cloud

N3Char
New Member

Hello!

We want to integrate McAfee ePO into a Splunk Cloud, but we only found tutorials on syslogging data. I've been looking and I don't think it's possible to syslog in to Splunk Cloud.

How can we do it?

 

Thanks!

0 Karma

johnansett
Communicator

If this is coming from onpremise ePO then yes, syslog is your answer. There is a TA you'll want to request installation in Splunk Cloud.  From your onpremise requirement, you'll need syslog and a UF to forward.  However, the easiest solution would be just to use SplunkConnect4Syslog (SC4S):

https://splunkbase.splunk.com/app/4740/

 

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The usual ways I've seen for onboarding EPO data are DB Connect and syslog.  Both have to be done on an on-prem heavy forwarder that does the onboarding and forwards the data to Splunk Cloud.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Detecting Brute Force Account Takeover Fraud with Splunk

This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...

Buttercup Games: Further Dashboarding Techniques (Part 9)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games: Further Dashboarding Techniques (Part 8)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...