Issue with Onboarding Cisco AMP Management Audit Logs into Splunk Cloud #94

Description

@Q7K3B9X2V1

Upon thoroughly reviewing the Secure Endpoint API documentation, it has been determined that Audit Logs specifically under the Management menu are not supported for ingestion via the API. This limitation means that events related to management and administrative actions—which are critical for security monitoring—are not being ingested into Splunk. Unfortunately, there is currently no clear or documented workaround available to capture and ingest these specific types of logs.
