Hi
We have to integrate McAfee epo(full fledged) instance with splunk i.e we want logs of EPO in splunk. What is the best way to do it. Should i install Universal forwarder on the epo machine or should i use EPO extended configuration and register my splunk as a syslog server there(donot know how to do this).Also we donot want to use ESS for this. Please help !!