Splunk Enterprise Security

Splunk Add-on for Symantec Endpoint Protection: Why is our version of the TA 3.2.1, but Splunkbase shows the latest version is 2.0.1?


We are currently running Splunk 6.2.3. When our system was installed/configured, the TA-sep version 3.2.1. I recently looked at Splunkbase, and noticed that version 2.0.1 is the most current version. Is it possible that the person who configured our system installed a TA from Enterprise Security? We are not currently using Enterprise Security. If yes, are there differences between that and the version available on Splunkbase? If I want to upgrade to the most current version, would there be any issues if I replace the current TA (3.2.1) with the version from Splunkbase?

Thank you.

0 Karma

Splunk Employee
Splunk Employee

The add-on on Splunkbase is separate code and thus has its own versioning. TA-sep which is included within Enterprise Security is to be replaced with this new add-on, which now exists as an independent package.


Splunk Employee
Splunk Employee

2.0.1 is the correct latest version, and it is intended to replace the old TA-sep and TA-sav. You don't need to do any migration, as this is a new TA that can be run side-by-side with the old one. Release notes are here: http://docs.splunk.com/Documentation/AddOns/latest/SymantecEP/Releasenotes

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!