Symantec EDR Add-on for Splunk is a data collector app that maintains credentials for Symantec EDR manager and Symantec Email Security.cloud and provides field extraction configurations. The main app is available at https://splunkbase.splunk.com/app/3453/. This app contains both the standard Splunk module and the Adaptive Response for Splunk Enterprise Security Suite (ES) app for executing endpoint isolate/re-join and delete file actions. The Adaptive Response leverages the AR Framework solution provided by Splunk through Splunk Enterprise Security Suite (ES). By clicking on the “Download” or “Install” button or using the licensed software, you agree to the terms and conditions of the Symantec Software License Agreement located at https://www.symantec.com/content/en/us/enterprise/eulas/splunk-app-eula-1-0.pdf. The administrator guide is available at http://www.symantec.com/docs/TECH239938