Hello!
We want to integrate McAfee ePO into Splunk Cloud, but we have only found tutorials on syslogging the data. I've been looking, and I don't think it's possible to syslog into Splunk Cloud.
How can we do it?
Thanks!
If this is coming from on-premise ePO, then yes, syslog is your answer. There is a TA you'll want to request be installed in Splunk Cloud. On the on-premise side, you'll need syslog and a UF to forward. However, the easiest solution would be just to use SplunkConnect4Syslog (SC4S):
https://splunkbase.splunk.com/app/4740/
The usual ways I've seen for onboarding ePO data are DB Connect and syslog. Both have to be done on an on-prem heavy forwarder that does the onboarding and forwards the data to Splunk Cloud.
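As an added example (not from either reply above), this is what the syslog side of the on-prem heavy forwarder setup that both answers describe looks like in Splunk's own configuration, for the case where ePO is pointed straight at the forwarder rather than at SC4S. The port 6514, the index name `epo`, the sourcetype `mcafee:epo:syslog` and the certificate path are assumptions; use the sourcetype and index that the TA you had installed in Splunk Cloud expects. Forwarding from the heavy forwarder to Splunk Cloud is set up by installing the Universal Forwarder credentials app downloaded from your Splunk Cloud instance, which writes outputs.conf for you, so only the inputs side is shown here.

```ini
# $SPLUNK_HOME/etc/system/local/inputs.conf on the on-prem heavy forwarder
# Added example; port, index, sourcetype and certificate path are assumptions.

# ePO forwards syslog only over TLS on TCP, so a plain [tcp://...] or
# [udp://...] listener will never receive anything. Use a tcp-ssl stanza and
# register the forwarder's hostname and this port as the syslog server in ePO.
[tcp-ssl:6514]
sourcetype = mcafee:epo:syslog
index = epo
connection_host = dns
disabled = 0

# Certificate the forwarder presents to ePO during the TLS handshake.
# sslPassword is encrypted in place by splunkd on the next restart, so do not
# leave the plaintext value in version control.
[SSL]
serverCert = $SPLUNK_HOME/etc/auth/epo-listener.pem
sslPassword = changeme
requireClientCert = false
```

Before touching ePO, check that the listener is up from another host with `openssl s_client -connect <forwarder>:6514`; a completed handshake showing the certificate above means the Splunk side is working, and anything that then fails is on the ePO registration or the outputs.conf written by the credentials app. `splunk btool inputs list tcp-ssl --debug` shows which file each setting was read from if the stanza is not taking effect.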