Splunk® Enterprise

Add Symantec Endpoint Protection data: Splunk Cloud

Acrobat logo Download manual as PDF


Splunk Enterprise version 7.3 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Enable automatic updates to the Splunk Add-on for Symantec Endpoint Protection lookup files

Symantec maintains a list of the latest security threats on its website. The Splunk Add-on for Symantec Endpoint Protection can poll this site regularly to keep the malware categories updated with the latest list. To enable automatic updates to the malware categories lookup file symantec_ep_malware_categories.csv, install and configure the add-on by following these steps:

  1. From the Splunk Cloud home screen, click the gear symbol next to Apps.
  2. In the row for Splunk Add-on for Symantec Endpoint Protection, click Set up.
  3. Select to enable the Splunk software so that it automatically updates the malware category lookup with the most list of threats and risks provided by Symantec.
  4. Adjust the polling interval (measured in seconds), if needed.
  5. If you are using a proxy, check Enable Proxy and complete the fields. The Splunk platform encrypts the proxy username and password when you save this page.
  6. If you checked Enable Proxy, check the Use proxy to do DNS resolution box if you want to perform DNS resolution through your proxy.
  7. If you checked Enable Proxy, select the type of proxy to use in the Proxy Type field.
  8. Click Save to save your configurations.
Last modified on 18 June, 2020
PREVIOUS
Configure monitor inputs for the Splunk Add-on for Symantec Endpoint Protection
  NEXT
Verify your SEP data

This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters