Splunk® Enterprise

Add Symantec Endpoint Protection data: Single instance


Enable automatic updates to the Splunk Add-on for Symantec Endpoint Protection lookup files

Symantec maintains a list of the latest security threats on its website. The Splunk Add-on for Symantec Endpoint Protection can poll this site regularly to keep the malware categories updated with the latest list. To enable automatic updates to the malware categories lookup file symantec_ep_malware_categories.csv, install and configure the add-on by following these steps:

  1. From the Splunk Web home screen of your Splunk Cloud instance, click the gear symbol next to Apps.
  2. In the row for Splunk Add-on for Symantec Endpoint Protection, click Set up.
  3. Click the check box next to Enable Splunk Enterprise to automatically update the malware category lookup table with the latest list of threats and risks from Symantec.
  4. Adjust the polling interval, measured in seconds, if needed.
  5. If you are using a proxy, check Enable Proxy and complete the fields. The Splunk platform encrypts the proxy username and password when you save this page.
    1. Check the Use proxy to do DNS resolution box if you want to perform DNS resolution through your proxy.
    2. Select the type of proxy to use in the Proxy Type field.
  6. Click Save.
Last modified on 28 September, 2018

This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9
