You can install this add-on on a search head cluster for all search-time functionality. See Source types for the Splunk Add-on for McAfee. This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Configure inputs using TCP or UDP

Note the following: The source type for this add-on is mcafee:epo:syslog. You must also install this add-on on your indexers if you use a universal forwarder rather than a heavy forwarder to monitor McAfee NSP logs. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps such as Splunk Enterprise Security and Splunk App for PCI Compliance. If installed on heavy forwarders, this add-on does not need to be installed on indexers.

The Splunk Add-on for Check Point Log Exporter allows a Splunk software administrator to collect data from Check Point Log Exporter over Syslog. Required if you use universal or light forwarders to monitor McAfee NSP logs. Not required if you use heavy forwarders to monitor McAfee NSP logs.

The Splunk Add-on for Cisco ESA allows the Splunk software administrator to leverage Textmail, HTTP, Consolidated Event Logs, AMP, Delivery, Bounce, and Authentication logs of Cisco ESA. Install this add-on to all search heads where McAfee NSP knowledge management is required.

The System Tagger for McAfee ePO add-on allows Splunk users who are also using McAfee ePolicy Orchestrator (ePO) for endpoint security management to apply or remove ePO tags to systems in ePO as the result of a search.

This table provides a quick reference for installing this add-on to a distributed deployment of Splunk Enterprise. See the Installation walkthrough section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, Splunk Cloud, or Splunk Light.
Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise.