About the Splunk Add-on for Symantec Endpoint Protection¶
| Version | 4.0.0 |
| Vendor Products | Symantec Endpoint Protection versions 14.0 to 14.2RU2, 14.3.35RU1 MP1, 14.3RU4, 14.3 RU10 |
| Visible in Splunk Web | No. This add-on does not contain any views. |
Use the Splunk Add-on for Symantec Endpoint Protection (SEP) to collect SEP server and client activity logs from:
- Symantec Endpoint Protection Manager dump files
- Syslog, using Splunk forwarders and Splunk Connect for Syslog
You can collect the following log files:
- Server Administration
- Application and Device Control
- Server Client
- Server Policy
- Server System
- Client Packet
- Client Proactive Threat
- Client Risk
- Client Scan
- Client Security
- Client System
- Client Traffic
This add-on provides inputs and CIM-compatible knowledge that you can use with other Splunk Enterprise add-ons and apps. These include Splunk Enterprise Security and the Splunk App for PCI Compliance.
Download the Splunk Add-on for Symantec Endpoint Protection from Splunkbase.
For a summary of new features, fixed issues, and known issues, see Release Notes for the Splunk Add-on for Symantec Endpoint Protection.
For information about installing and configuring the Splunk Add-on for Splunk Add-on for Symantec Endpoint Protection, see Installation and configuration overview for the Splunk Add-on for Symantec Endpoint Protection .
See Questions related to Splunk Add-on for Symantec Endpoint Protection on Splunk Answers.