hi all, I still can't decrypt the ePO logs. This is my config:
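# Splunk inputs.conf: syslog listener for McAfee ePO on port 6514.
# A plain [tcp://<port>] stanza accepts cleartext only; the [SSL] settings in
# this file apply to tcp-ssl inputs, so a sender that speaks TLS on 6514 was
# reaching a listener that never negotiates TLS (assumes ePO is configured for
# syslog over TLS on this port -- confirm on the ePO side).
[tcp-ssl://6514]
# Set the host field from the sender's IP address. With this value the static
# host below is presumably overridden -- verify against the inputs.conf reference.
connection_host = ip
host = DCHQ-SIMSL-01
# Overrides the default source (sender:port) for events from this listener.
source = 10.220.34.23:6514
sourcetype = mcafee:epo:syslog
index = mcafee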
# TLS settings for the port-6514 listener (Splunk inputs.conf [SSL] stanza).
[SSL]
# OpenSSL cipher-list syntax: ECDHE key exchange only; the AES-GCM suites are
# listed before the CBC/SHA-2 ones.
cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
# No client certificate is requested, so the sender is not authenticated by
# TLS: anything that can reach port 6514 can submit events to this input.
requireClientCert = false
# PEM file presented to the sender. Presumably it must hold the certificate and
# its private key; if that key is password-protected, sslPassword is also
# needed in this stanza -- confirm against the inputs.conf reference.
serverCert = /splunk/cert/splunk-epo-remote.pem
any ideas? huhh