Splunk® Enterprise

Add Symantec Endpoint Protection data: Distributed deployment with indexer clustering



Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Enable automatic updates to the Splunk Add-on for Symantec Endpoint Protection lookup files

Symantec maintains a list of the latest security threats on its website. The Splunk Add-on for Symantec Endpoint Protection can poll this site regularly to keep the malware categories updated with the latest list. To enable automatic updates to the malware categories lookup file symantec_ep_malware_categories.csv, install and configure the add-on by following these steps:

  1. From the Splunk Web home screen on your search head, click the gear symbol next to Apps.
  2. In the row for Splunk Add-on for Symantec Endpoint Protection, click Set up.
  3. Click the check box next to "Enable Splunk Enterprise to automatically update the malware category lookup table with the latest list of threats and risks from Symantec."
  4. Adjust the polling interval (measured in seconds), if needed.
  5. If you are using a proxy, check Enable Proxy and complete the fields. The Splunk platform encrypts the proxy username and password when you save this page.
  6. If you checked Enable Proxy, check the Use proxy to do DNS resolution box if you want to perform DNS resolution through your proxy.
  7. If you checked Enable Proxy, select the type of proxy to use in the Proxy Type field.
  8. Click Save to save your configurations.
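Nothing on the set-up page reports when the poll stops working (a wrong proxy setting, for example), so the lookup file simply stops changing. The following health check is an added example, not part of the add-on or this page: it verifies that symantec_ep_malware_categories.csv has been refreshed within the polling interval you set in step 4 and that it still parses as a well-formed CSV. The app directory in DEFAULT_LOOKUP is a placeholder and must be set to your installation.

```python
"""Added health check for the auto-updated SEP malware category lookup.

Not part of the add-on. A stale file usually means the poll configured on
the set-up page is failing and nothing else reports that, so this is meant
to run from cron or as a scripted input with the configured poll interval.
"""
import csv
import os
import time

# Assumed location (placeholder app directory); adjust to your installation.
DEFAULT_LOOKUP = os.path.join(
    os.environ.get("SPLUNK_HOME", "/opt/splunk"), "etc", "apps",
    "SEP_ADDON_DIR_PLACEHOLDER", "lookups", "symantec_ep_malware_categories.csv")


def check_lookup(path, poll_interval_secs, now=None, grace_polls=2):
    """Return {"stale", "age_secs", "rows", "columns", "errors"} for path.

    Stale means older than grace_polls polling intervals (the interval is
    the seconds value from the set-up page), so one missed poll is tolerated.
    """
    now = time.time() if now is None else now
    result = {"stale": True, "age_secs": None, "rows": 0, "columns": 0,
              "errors": []}
    if not os.path.isfile(path):
        result["errors"].append("lookup file missing")
        return result
    result["age_secs"] = now - os.path.getmtime(path)
    result["stale"] = result["age_secs"] > grace_polls * poll_interval_secs
    if result["stale"]:
        result["errors"].append("not refreshed within %d polls" % grace_polls)
    with open(path, newline="") as fh:
        reader = csv.reader(fh)
        header = next(reader, None)
        if not header:
            result["errors"].append("empty file or missing header")
            return result
        result["columns"] = len(header)
        for lineno, row in enumerate(reader, start=2):
            if len(row) != len(header):  # ragged row: likely a truncated download
                result["errors"].append("line %d: %d fields, expected %d"
                                        % (lineno, len(row), len(header)))
            else:
                result["rows"] += 1
    if result["rows"] == 0:
        result["errors"].append("header only, no category rows")
    return result


if __name__ == "__main__":
    # Assumes a one-day polling interval; pass your configured value instead.
    print(check_lookup(DEFAULT_LOOKUP, 86400))
```

An alert on a non-empty `errors` list catches both a silently failing poll and a partially written download.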
Last modified on 28 August, 2018

This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10

