This quick start guide will help Accenture Security customers configure Splunk® Enterprise™ for Windows® to send logs to the Log Collection Platform (LCP).
...
A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MSS_Supported_Products_List.xlsx), which can be found in the Accenture MDR Portal: https://mss.accenture.com/PortalNextGen/Reports/Documents
...
Table 1-2: The Splunk Enterprise for Windows event collector (Syslog - 3780) properties to be configured by MDR are shown in the table.
| Property | Default Value | Description |
| --- | --- | --- |
| Protocol | TCP | Default protocol for syslog events. |
| IP Address | Splunk Enterprise for Windows IP address | Logging device IP address mentioned in the Pre-Installation Questionnaire (PIQ). Note: If the device sends logs using multiple interfaces, contact the Accenture Security MDR onboarding team. |
| Signature | LogName=Security, LogName=Application, LogName=System | MDR-recommended signatures processed by the Splunk Enterprise for Windows event collector. |
| Port Number | 601 | The default port for syslog. Note: Please discuss with the onboarding team if you have any technologies sending logs to the LCP with the same port and protocol. |
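
A Splunk-side configuration consistent with the properties in Table 1-2, given here as an added example and not as text from the Accenture guide: it uses Splunk's syslog output routing to send only the Security, Application and System event logs over TCP to port 601. `<LCP_IP>` is a placeholder, the stanza names `lcp_syslog` and `route_to_lcp` are hypothetical, and the example assumes the events carry Splunk's usual `WinEventLog:<channel>` source value.

```ini
# Added example, not from the Accenture guide.
# <LCP_IP> is a placeholder; lcp_syslog and route_to_lcp are hypothetical names.

# ---- outputs.conf ----
[syslog:lcp_syslog]
# Table 1-2: protocol TCP, port 601.
# Splunk's syslog output defaults to UDP, so the type is set explicitly.
server = <LCP_IP>:601
type = tcp

# ---- props.conf ----
# Route only the three event logs listed in the Signature row.
# Assumption: events have source = WinEventLog:<channel>.
[source::WinEventLog:Security]
TRANSFORMS-lcp = route_to_lcp

[source::WinEventLog:Application]
TRANSFORMS-lcp = route_to_lcp

[source::WinEventLog:System]
TRANSFORMS-lcp = route_to_lcp

# ---- transforms.conf ----
[route_to_lcp]
# Match every event from the sources above and assign it
# to the syslog output group defined in outputs.conf.
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = lcp_syslog
```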
...