Symantec Endpoint Protection Cloud
Version: Symantec Endpoint Protection Cloud.
Netsurion Data Source Integration captures important and critical activities in Symantec Endpoint Protection Cloud. Monitoring these activities matters for security (for example, a detected threat, or a critical module being enabled or disabled) and for compliance and operational reasons, such as device management, login and logout events, and scan details. The Data Source Integration helps you meet the security, operations and compliance needs listed below.
Netsurion Open XDR monitors all Symantec Endpoint Protection Cloud events; some of them are listed below.
- Security: Provides information regarding the threats detected, scan details and other critical events.
- Compliance: Login and logout activities, device management, etc.
Once Symantec Endpoint Protection Cloud is configured to deliver logs to Netsurion Open XDR, Reports, Categories, and Knowledge Objects can be configured in Netsurion Open XDR.
The following key Data Source Integrations are available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Security | Symantec Endpoint Protection Cloud – Threat detection | This alert is generated when the Symantec Endpoint Protection Cloud detects any malware or threats. |
Security | Symantec Endpoint Protection Cloud – Scan aborted | This alert is generated when the Symantec Endpoint Protection scan is aborted. |
Security | Symantec Endpoint Protection Cloud – Definition update failed | This alert is generated when Symantec Endpoint Protection Cloud detects that a definition update has failed. |
Security | Symantec Endpoint Protection Cloud – Critical feature disabled | This alert is generated when Symantec Endpoint Protection Cloud detects that a critical feature has been disabled. |
Reports
Type | Name | Description |
---|---|---|
Security | Symantec Endpoint Protection Cloud – Threat detection | This report provides details about the threats detected by Symantec Endpoint Protection Cloud. |
Security | Symantec Endpoint Protection Cloud – Scan details | This report provides details about all the scans that have been performed. |
Compliance | Symantec Endpoint Protection Cloud – Console login logout details | This report provides details about login and logout activities. |
Compliance | Symantec Endpoint Protection Cloud – Management activities | This report provides details about the management activities such as device and client management. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and with Symantec Endpoint Protection Cloud.
Download the Integration Guide, SEP Cloud Integrator 2.0.0, and the How-to Guide for configuration instructions and more information.