Symantec Advanced Threat Protection (ATP) APP
Symantec Advanced Threat Protection (ATP) helps you uncover, prioritize, investigate, and remediate complex attacks across endpoint, email, network, and web from one console. The Symantec ATP App for Splunk uses the power of Splunk to provide aggregated as well as individual visualizations for Network, Endpoint, and Email by collecting data from Symantec ATP and Symantec Email Security Cloud.
Symantec ATP Add-on APP
Symantec ATP Add-on for Splunk is a data collector app that maintains credentials for the Symantec ATP manager and Symantec Email Security.cloud and provides field extraction configurations. The main app is available at https://splunkbase.splunk.com/app/3453/.
This app contains both the standard Splunk module and Adaptive Response for the Splunk Enterprise Security Suite (ES) app, for executing endpoint isolate/re-join and delete file actions. The Adaptive Response leverages the AR Framework solution provided by Splunk through Splunk Enterprise Security Suite (ES).
NOTE: The ATP app requires installation of the ATP add-on.