Splunk Enterprise Security

Splunk Add-on for Symantec Endpoint Protection: Why is our version of the TA 3.2.1, but Splunkbase shows the latest version is 2.0.1?


We are currently running Splunk 6.2.3. When our system was installed/configured, the TA-sep version 3.2.1. I recently looked at Splunkbase, and noticed that version 2.0.1 is the most current version. Is it possible that the person who configured our system installed a TA from Enterprise Security? We are not currently using Enterprise Security. If yes, are there differences between that and the version available on Splunkbase? If I want to upgrade to the most current version, would there be any issues if I replace the current TA (3.2.1) with the version from Splunkbase?

Thank you.

0 Karma

Splunk Employee
Splunk Employee

The add-on on Splunkbase is separate code and thus has its own versioning. TA-sep which is included within Enterprise Security is to be replaced with this new add-on, which now exists as an independent package.


Splunk Employee
Splunk Employee

2.0.1 is the correct latest version, and it is intended to replace the old TA-sep and TA-sav. You don't need to do any migration, as this is a new TA that can be run side-by-side with the old one. Release notes are here: http://docs.splunk.com/Documentation/AddOns/latest/SymantecEP/Releasenotes

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!


Or Learn More in Our Blog >>