Hi Team
Currently Splunk offers the 3.3.0 Add-on for Symantec Endpoint Protection (aka SEP). This is an on-premises product, but Symantec also has a completely cloud-based solution called Endpoint Security (aka SES) that requires an integration with an API. I would like to know how Splunk is managing this kind of integration. My questions are:
1. Is there an Add-on available that enables Splunk to collect data from the SES Cloud API?
2. If not, what is the recommendation from Splunk to address the SES logs into the SIEM?
3. When is an agent going to be available, even for an intermediate connection?
Best Regards