Symantec Endpoint Protection

Version: Symantec Endpoint Protection versions 12.1.6 to 14.

Symantec Endpoint Protection, developed by Symantec Corporation, is antivirus and personal firewall software for centrally managed corporate environments, providing security for both servers and workstations. Netsurion Open XDR support for Symantec’s Antivirus and IDS/IPS events is now available. The Symantec security policy consists of specific rules with logging enabled, which capture events and send them to Netsurion Open XDR. These events are auto-identified, if enabled, and parsed into the Netsurion Open XDR report tables for later review.

Netsurion Data Source Integration for Symantec Endpoint Protection allows you to monitor the following components:

  • Operations – Agent created and deleted, Application blocked, Auto-protect disabled, Device disabled, Intrusion prevention disabled and Security risk detected
  • Security – New Risks Detected in the Network, TruScan Proactive Threat Detection Over Time, TruScan Proactive Threat Distribution, Detected Risks Not Confirmed and Permitted Applications
  • Compliance – Virus detected, Web attack blocked, Virus deletion failed, At Risk Computers and Confirmed Risks

Once Symantec Endpoint Protection is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards and reports can be configured in Netsurion Open XDR.

To take advantage of this data source integration and to learn more about alerts, reports, and dashboards, contact your Technical Account Manager (TAM). If you are not currently a Netsurion customer or partner, contact us to learn more.