Getting Data In

McAfee ePO Splunk Cloud

N3Char
New Member

Hello!

We want to integrate McAfee ePO into a Splunk Cloud, but we only found tutorials on syslogging data. I've been looking and I don't think it's possible to syslog in to Splunk Cloud.

How can we do it?

 

Thanks!

Labels (1)
0 Karma

johnansett
Communicator

If this is coming from onpremise ePO then yes, syslog is your answer. There is a TA you'll want to request installation in Splunk Cloud.  From your onpremise requirement, you'll need syslog and a UF to forward.  However, the easiest solution would be just to use SplunkConnect4Syslog (SC4S):

https://splunkbase.splunk.com/app/4740/

 

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The usual ways I've seen for onboarding EPO data are DB Connect and syslog.  Both have to be done on an on-prem heavy forwarder that does the onboarding and forwards the data to Splunk Cloud.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...