Splunk Enterprise Security

Splunk Add-on for Symantec Endpoint Protection: Why is our version of the TA 3.2.1, but Splunkbase shows the latest version is 2.0.1?

adamblock1
Explorer

We are currently running Splunk 6.2.3. When our system was installed/configured, the TA-sep version 3.2.1. I recently looked at Splunkbase, and noticed that version 2.0.1 is the most current version. Is it possible that the person who configured our system installed a TA from Enterprise Security? We are not currently using Enterprise Security. If yes, are there differences between that and the version available on Splunkbase? If I want to upgrade to the most current version, would there be any issues if I replace the current TA (3.2.1) with the version from Splunkbase?

Thank you.

0 Karma

mreynov_splunk
Splunk Employee
Splunk Employee

The add-on on Splunkbase is separate code and thus has its own versioning. TA-sep which is included within Enterprise Security is to be replaced with this new add-on, which now exists as an independent package.

http://docs.splunk.com/Documentation/AddOns/latest/SymantecEP/Releasenotes#Migration_guide

rpille_splunk
Splunk Employee
Splunk Employee

2.0.1 is the correct latest version, and it is intended to replace the old TA-sep and TA-sav. You don't need to do any migration, as this is a new TA that can be run side-by-side with the old one. Release notes are here: http://docs.splunk.com/Documentation/AddOns/latest/SymantecEP/Releasenotes

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!