Symantec Endpoint Protection
Version: Symantec Endpoint Protection 12.1.6 to 14.
Symantec Endpoint Protection, developed by Symantec Corporation, is an antivirus and personal firewall product for centrally managed corporate environments, protecting both servers and workstations. Netsurion Open XDR supports Symantec's antivirus and IDS/IPS events. The Symantec security policy is configured with specific rules that have logging enabled, so that the resulting events are captured and forwarded to Netsurion Open XDR. Once enabled, these events are auto-identified and parsed into the Netsurion Open XDR report tables for later review.
Netsurion Data Source Integration for Symantec Endpoint Protection allows you to monitor the following components:
- Operations – Agent created and deleted, Application blocked, Auto-protect disabled, Device disabled, Intrusion prevention disabled and Security risk detected
- Security – New Risks Detected in the Network, TruScan Proactive Threat Detection Over Time, TruScan Proactive Threat Distribution, Detected Risks Not Confirmed and Permitted Applications
- Compliance – Virus detected, Web attack blocked, Virus deletion failed, At Risk Computers and Confirmed Risks
Once Symantec Endpoint Protection is configured to deliver events to the Netsurion Open XDR Manager, alerts, dashboards and reports can be configured in Netsurion Open XDR.
The following are the key Data Source Integration alerts and reports available in Netsurion Open XDR.
Alerts:

| Category | Alert | Description |
|---|---|---|
| Security | SEP – Live update started | This alert is generated when LiveUpdate starts. |
| Security | SEP – No update found | This alert is generated when LiveUpdate finds no updates. |
| Security | SEP – Remediation action failed | This alert is generated when a remediation action fails. |
| Security | SEP – Remediation action pending | This alert is generated when a remediation action is pending. |
| Security | SEP – Scan stopped | This alert is generated when a scan is stopped. |
| Security | SEP – Security risk found | This alert is generated when a security risk is found. |
| Compliance | SEP – Service shutdown | This alert is generated when the SEP service is shut down. |
| Compliance | SEP – Virus detected | This alert is generated when a virus is detected. |
| Compliance | SEP – Whitelist failure | This alert is generated when a whitelist check fails. |
| Compliance | SEP – Web attack blocked | This alert is generated when a web attack is blocked. |

Reports:

| Category | Report | Description |
|---|---|---|
| Security | SEP – New Risks detected in the network | Lists new risks detected in the network. |
| Security | SEP – TruScan proactive threat detection over time | Shows TruScan proactive threat detections over a period of time. |
| Security | SEP – TruScan proactive threat distribution | Shows how TruScan proactive threat detections are distributed. |
| Security | SEP – Detected risks not confirmed | Lists risks that were detected but not confirmed as risks. |
| Security | SEP – Permitted applications | Lists applications that have been permitted. |
| Compliance | SEP – Virus detected | Lists viruses detected on the system. |
| Compliance | SEP – Web attack blocked | Lists web attacks that were blocked. |
| Compliance | SEP – Virus deletion failed | Lists viruses that SEP detected but failed to delete. |
| Compliance | SEP – At risk computers | Lists computers identified as being at risk. |
| Compliance | SEP – Confirmed risks | Lists risks that were detected and confirmed as risks. |
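The page describes SEP events being forwarded to Netsurion Open XDR, auto-identified and parsed into report tables, and the table above names the alerts they feed. The following is an added example, not Netsurion's or Symantec's own code, of what that identification step looks like: a small parser that splits SEPM-style syslog lines into structured fields, keeps a quoted file path containing a comma intact, and labels each event with one of the alert names listed above. The syslog envelope, the field layout and the sample log lines are constructed for illustration, and the phrases used to recognise each event type are assumptions; check both against the output your own SEPM forwards.

```python
"""Added example (not Netsurion's or Symantec's code): parse SEPM-style
syslog lines into structured events and tag them with the alert names
from the table above. The line layout and sample lines are CONSTRUCTED
for illustration; verify them against your real SEPM syslog output."""
import csv
import re
from dataclasses import dataclass, field
from io import StringIO
from typing import Optional

# Alert names and categories as listed on this page (plain hyphen used).
ALERT_CATEGORY = {
    "SEP - Live update started": "Security",
    "SEP - No update found": "Security",
    "SEP - Remediation action failed": "Security",
    "SEP - Remediation action pending": "Security",
    "SEP - Scan stopped": "Security",
    "SEP - Security risk found": "Security",
    "SEP - Service shutdown": "Compliance",
    "SEP - Virus detected": "Compliance",
    "SEP - Whitelist failure": "Compliance",
    "SEP - Web attack blocked": "Compliance",
}

# ASSUMED phrases in the event text that identify an alert (checked in order).
EVENT_PHRASES = [
    ("virus found", "SEP - Virus detected"),
    ("security risk found", "SEP - Security risk found"),
    ("web attack", "SEP - Web attack blocked"),
    ("liveupdate started", "SEP - Live update started"),
    ("no updates", "SEP - No update found"),
    ("remediation action failed", "SEP - Remediation action failed"),
    ("remediation action pending", "SEP - Remediation action pending"),
    ("scan stopped", "SEP - Scan stopped"),
    ("service stopped", "SEP - Service shutdown"),
]

# ASSUMED syslog envelope: "<Mon dd hh:mm:ss> <host> SymantecServer: <body>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"SymantecServer: (?P<body>.+)$"
)

# Constructed sample lines, loosely modelled on SEPM's comma-separated export.
SAMPLE_LINES = [
    'Mar 12 09:14:05 sepm01 SymantecServer: SEPM01,Virus found,IP Address: 10.20.30.40,'
    'Computer name: WS-FIN-07,Source: Auto-Protect scan,Risk name: EICAR Test String,'
    'Occurrences: 1,"C:\\Users\\jdoe\\Downloads\\report,final.com",Actual action: Quarantined',
    'Mar 12 09:15:22 sepm01 SymantecServer: SEPM01,Web attack blocked,IP Address: 10.20.30.40,'
    'Computer name: WS-FIN-07,Attack: Malicious Domain Request,Action: Blocked',
    'Mar 12 09:16:01 sepm01 SymantecServer: SEPM01,Symantec Endpoint Protection service stopped,'
    'Computer name: WS-FIN-07',
    'Mar 12 09:20:40 sepm01 SymantecServer: SEPM01,LiveUpdate started,Computer name: WS-FIN-07',
    'Mar 12 09:21:10 sepm01 SymantecServer: SEPM01,Scan completed,Computer name: WS-FIN-07,Risks: 0',
    'Mar 12 09:22:00 fw01 kernel: unrelated line',
]


@dataclass
class SepEvent:
    timestamp: str
    host: str
    server: str
    event_text: str
    fields: dict = field(default_factory=dict)   # "Field: value" pairs
    extra: list = field(default_factory=list)    # positional values, e.g. file path
    alert: Optional[str] = None
    category: Optional[str] = None


def classify(event_text):
    """Return the page's alert name for an event text, or None if unmapped."""
    text = event_text.lower()
    for phrase, alert in EVENT_PHRASES:
        if phrase in text:
            return alert
    return None


def parse_line(line):
    """Parse one syslog line into a SepEvent, or None if it is not a SEPM line."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    # csv honours the double quotes SEPM puts around values that contain
    # commas, so a path like "...\report,final.com" stays a single field.
    parts = next(csv.reader(StringIO(m.group("body"))))
    if len(parts) < 2:
        return None
    ev = SepEvent(m.group("ts"), m.group("host"), parts[0], parts[1])
    for part in parts[2:]:
        key, sep, value = part.partition(": ")
        if sep:
            ev.fields[key] = value
        else:
            ev.extra.append(part)
    ev.alert = classify(ev.event_text)
    ev.category = ALERT_CATEGORY.get(ev.alert)
    return ev


def summarize(lines):
    """Count matched alerts; return (counts, unmapped SEP event texts, non-SEP line count)."""
    counts, unmapped, skipped = {}, [], 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            skipped += 1
        elif ev.alert is None:
            unmapped.append(ev.event_text)
        else:
            counts[ev.alert] = counts.get(ev.alert, 0) + 1
    return counts, unmapped, skipped


if __name__ == "__main__":
    counts, unmapped, skipped = summarize(SAMPLE_LINES)
    for name, n in counts.items():
        print(f"{ALERT_CATEGORY[name]:<11}{name}: {n}")
    print("unmapped SEP events:", unmapped, "| non-SEP lines skipped:", skipped)
```

Events whose text matches no phrase are reported separately rather than silently dropped, which is the check to run first when an alert in the table never fires: it usually means the event wording in your SEPM export differs from the assumed phrase list.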
The configuration details apply to Netsurion Open XDR 8.x and later with Symantec Endpoint Protection 12.1.6 to 14.
Download the Integration Guide for configuration instructions and more information.