Installation

Cisco amp endpoint events configuration

vestator
Engager

Hi All,

I am new here and got an issue when I tried to connect Cisco AMP.

Infos: Splunk Enterprise Version:8.0.3

Cisco AMP for Endpoints Events Input Version: 1.1.8

I have configured Cisco AMP (API host: api.eu.amp.cisco.com, key, and ID: correct), splunk has internet access, and firewall rules are correct. 

Still, when I try to make a new input I've got an error messsage: "Warning! It appears your configuration is incomplete, so you will not be able to create any inputs. Please update your configuration."   

Do you have any idea? (tried the refresh)

Thanks,

Vestator

Labels (1)
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...