Endpoint Security Complete

  • 1.  Follow up: Splunk Add on for Endpoint Security

    Posted Apr 25, 2022 01:15 PM
    Hi Team

    A long time ago on this Community someone asked if Endpoint Security already has a collector or add-on to export the logs to Splunk. The response to this was: "you must use API for SES to export event data to external logging system", so my question is if something has changed over time and the SIEM manufacturer has already created the integration with the API (I don't want to create something that is already designed).

    Best Regards



  • 2.  RE: Follow up: Splunk Add on for Endpoint Security

    Broadcom Employee
    Posted Apr 26, 2022 11:22 AM
    The latest Splunk app (Symantec SOC View App for Splunk) supports the SES (cloud) APIs. It can be downloaded here: https://tipp-integrations.broadcom.com/partner-downloads/splunk


  • 3.  RE: Follow up: Splunk Add on for Endpoint Security

    Posted May 03, 2022 10:18 AM
    Hi Adam
    Thanks for your reply.
    As far as I know the Symantec SOC View App for Splunk requires ICDx, but the requirements for this platform seem to be old and my concern is whether it's going to receive maintenance for the newest versions of Ubuntu and RedHat.

    I'm finding it difficult to quickly enable log collection from SES to third-party SIEMs, and ICDx could be a real alternative, but it is subject to receiving confirmation that it is still on the development plans for Broadcom.

    I also asked about maintenance on the ICDx forum (replying to another colleague, but both questions are still unanswered):
    Ubuntu Server 20.04 LTS | ICDx (broadcom.com)


  • 4.  RE: Follow up: Splunk Add on for Endpoint Security

    Broadcom Employee
    Posted May 04, 2022 01:38 PM
    The latest version of the SOC View app for Splunk does not require ICDx to pull incidents and events from SES (cloud managed). Its collector connects directly to the cloud APIs.


  • 5.  RE: Follow up: Splunk Add on for Endpoint Security

    Posted May 04, 2022 03:39 PM
    Hi Adam

    Do you mean v2.1?
    Yeah, I have noticed the access to the ICDm.

    Thanks