All Apps and Add-ons

Splunk for Symantec SEP

vleung
New Member

Is anyone using Splunk for Symantec? Does it replaces the Symantec SEP management console?

Tags (1)
0 Karma

markteicherhp
New Member

I installed Symantec for Splunk and SEP Management Server on a separate machine, it does not appear the logs are being received, there must be a trick to get logs being sent correctly

thanks

0 Karma

astatrial
Contributor

Hi,
Did you installed everything properly ?
You need to configure the forwarder in order to send symantec logs.
Please refer to the next manual
https://docs.splunk.com/Documentation/AddOns/released/SymantecEP/About

0 Karma

o_calmels
Communicator

I,

In reporting, Splunk For Symantec add more features than the reporting in the SEPM console. Nevertheless, the SEPM console is absolutely indispensable to manage the SEP Solution.
Splunk For Symantec is best for:

  • Get all the logs from a single client (the console just display a category of log for a client, not all at the same time)
  • Associate SEPM logs with other security products of your compagny, like FireWall Gateways, DNS, proxy Etc ... in a way that you can make relations between these events and find relevent risk.
  • Make your own reports, SEPM do not allow you to create your reports, just using the proposed one.
  • List item

Cheers
Olivier.

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...