Dear all,
Trying to import SEP Cloud events into Splunk, I am using the scripts shared here (currently unavailable), which are working well with the old SEP Console, but I am having problems after the update with the new console.
The script output is not showing any error, yet it is not getting the events generated in the new SEP Console either.
I have checked that the authentication token is created successfully.
Has anyone succeeded in importing SEP Cloud events after the update?
Are the following parameters still valid for contacting the new SEP Console API?
r3_url = "https://usea1.r3.securitycloud.symantec.com/r3_epmp_i"
oauth_url = "/oauth2/tokens"
export_api = "/sccs/v1/events/export"
Thanks in advance,
Kind regards,