Install the Splunk Add-on for Symantec Endpoint Protection on your search heads
Follow these steps to install the Splunk Add-on for Symantec Endpoint Protection on your search heads.
Prepare your search heads
To automatically update the malware categories lookup file with the latest list of threats from Symantec, you must prepare the search heads. Perform the following steps on the search head cluster members:
- Remove the eventgen.conf file and all files in the Samples folder.
- Remove the inputs.conf file.
Install the app on the search head
To install the Splunk Add-on for SEP, download the add-on from Splunkbase.
Then, complete the following steps:
- From the Splunk Web home screen, click the gear icon next to Apps.
- Click Install app from file.
- Locate the downloaded file and click Upload.
- If Splunk Enterprise prompts you to restart, do so.
- From the Splunk Web home screen, click the gear icon next to Apps.
- Find the add-on and click Edit properties.
- Change Visible to No.
To verify that your installation succeeded, check that the add-on is at $SPLUNK_HOME/etc/apps/<Splunk_TA_name_of_add-on>.
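The search head preparation and the installation check above as a POSIX shell script. This is an added example, not part of the Splunk documentation or the add-on; it assumes the add-on's directory name is supplied by the caller (the page only gives the <Splunk_TA_name_of_add-on> placeholder) and that eventgen.conf and inputs.conf live under the add-on's default/ or local/ directory.

```shell
#!/bin/sh
# Added example (not from the Splunk docs). Prepares an add-on directory on a
# search head as described above, then verifies the install location.

# Remove eventgen.conf, every file under the Samples folder, and inputs.conf
# from the add-on directory. Returns 1 if the directory does not exist.
prepare_search_head() {
    app_dir="$1"
    [ -d "$app_dir" ] || { echo "add-on directory not found: $app_dir" >&2; return 1; }
    # The docs do not say whether the .conf files sit in default/ or local/,
    # so both are handled (assumption).
    for sub in default local; do
        rm -f "$app_dir/$sub/eventgen.conf" "$app_dir/$sub/inputs.conf"
    done
    # Folder name case varies between add-ons (assumption), so try both.
    for s in "$app_dir/samples" "$app_dir/Samples"; do
        [ -d "$s" ] && find "$s" -type f -exec rm -f {} +
    done
    return 0
}

# Verify that the add-on is at $SPLUNK_HOME/etc/apps/<name> and that none of
# the removed files remain. Prints PASS/FAIL lines; returns 1 on any failure.
verify_search_head_install() {
    splunk_home="$1"; ta_name="$2"
    app_dir="$splunk_home/etc/apps/$ta_name"
    rc=0
    if [ -d "$app_dir" ]; then
        echo "PASS: $app_dir exists"
    else
        echo "FAIL: $app_dir missing"; rc=1
    fi
    for f in default/eventgen.conf local/eventgen.conf default/inputs.conf local/inputs.conf; do
        [ -e "$app_dir/$f" ] && { echo "FAIL: $f still present"; rc=1; }
    done
    for s in "$app_dir/samples" "$app_dir/Samples"; do
        if [ -d "$s" ] && [ -n "$(find "$s" -type f | head -n 1)" ]; then
            echo "FAIL: sample files remain in $s"; rc=1
        fi
    done
    return $rc
}
```

Run verify_search_head_install on each search head cluster member after the upload and restart; a non-zero exit means a preparation step was missed or the add-on landed outside $SPLUNK_HOME/etc/apps.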
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10