Hello. Configured the FireEye app as the API describes.
When firing off test events, I can tcpdump on the FE appliance and see the XML being sent. Also, while tailing the Splunk access log, I can see the POST with a 200 code.
I read that there are issues with regard to password lengths above 16, but I’m only using a 12-character one on both. Also spoke with FE. They mentioned there used to be an issue with special characters in the pass, but that has now been resolved. Just wondering if you guys have seen any issues with the App that would cause the alerts not to show up in the Splunk App, or have any suggestions.