Splunk Add-on for Symantec Endpoint Protection: Wh...

adamblock1 · ‎07-27-2015

We are currently running Splunk 6.2.3. When our system was installed/configured, the TA-sep version 3.2.1. I recently looked at Splunkbase, and noticed that version 2.0.1 is the most current version. Is it possible that the person who configured our system installed a TA from Enterprise Security? We are not currently using Enterprise Security. If yes, are there differences between that and the version available on Splunkbase? If I want to upgrade to the most current version, would there be any issues if I replace the current TA (3.2.1) with the version from Splunkbase?

Thank you.

mreynov_splunk · ‎07-27-2015

The add-on on Splunkbase is separate code and thus has its own versioning. TA-sep which is included within Enterprise Security is to be replaced with this new add-on, which now exists as an independent package.

http://docs.splunk.com/Documentation/AddOns/latest/SymantecEP/Releasenotes#Migration_guide

rpille_splunk · ‎07-27-2015

2.0.1 is the correct latest version, and it is intended to replace the old TA-sep and TA-sav. You don't need to do any migration, as this is a new TA that can be run side-by-side with the old one. Release notes are here: http://docs.splunk.com/Documentation/AddOns/latest/SymantecEP/Releasenotes

Splunk Add-on for Symantec Endpoint Protection: Why is our version of the TA 3.2.1, but Splunkbase shows the latest version is 2.0.1?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life