Hi Adam
Thanks for your reply.
As far as I know, the Symantec SOC View App for Splunk requires ICDx, but the requirements for this platform seem to be old, and my concern is whether it's going to receive maintenance for the newest versions of Ubuntu and RedHat.
I'm finding it difficult to quickly enable log collection from SES to third-party SIEMs, and ICDx could be a real alternative, but it is subject to receiving confirmation that it is still on Broadcom's development plans.
I asked about the maintenance also at the ICDx forum (replying to another colleague, but both questions are still unanswered):
Ubuntu Server 20.04 LTS | ICDx (broadcom.com)
Original Message:
Sent: Apr 26, 2022 11:21 AM
From: Adam Licata
Subject: Follow up: Splunk Add on for Endpoint Security
The latest Splunk app (Symantec SOC View App for Splunk) supports the SES (cloud) APIs. It can be downloaded here: https://tipp-integrations.broadcom.com/partner-downloads/splunk
Original Message:
Sent: Apr 25, 2022 01:14 PM
From: Rodrigo Calvo
Subject: Follow up: Splunk Add on for Endpoint Security
Hi Team
A long time ago on this Community, someone asked if Endpoint Security already had a collector or add-on to export the logs to Splunk. The response to this was: "you must use API for SES to export event data to external logging system", so my question is whether something has changed over time and the SIEM manufacturer has already created the integration with the API (I don't want to create something that is already designed).
Best Regards