Symantec Endpoint Detection and Response

Details
Content
Dependencies
Version History

Symantec EDR On-prem helps to detect threats on your network by filtering endpoints data to find Indicators of Compromise (IoCs) and take actions to remediate the threat(s) contain suspicious events, isolate potentially compromised devices, and delete malicious files and associated artifacts.

Symantec Endpoint Detection and Response (EDR) Integration

Symantec EDR uses machine learning and behavioral analytics to detect and expose suspicious network activities. Symantec EDR alerts you about potentially harmful activity, prioritizes incidents for quick triage, and lets you navigate endpoint activity records during your forensic analysis of potential attacks.

Symantec EDR lets you contain suspicious events, isolate potentially compromised devices, and delete malicious files and associated artifacts.

Symantec Endpoint Detection and Response (EDR) Integration

Symantec EDR lets you contain suspicious events, isolate potentially compromised devices, and delete malicious files and associated artifacts.

Classifiers

Name	Description
Symantec EDR - Incident Classifier	Symantec EDR Classifier
Symantec EDR Event- Incoming Mapper	Incoming mapper for Event
Symantec EDR - Incoming Mapper	Incoming Mapper for Symantec EDR

Incident Fields

Name	Description
SymantecEDR Process User
SymantecEDR Recommended Action	Recommended action for this incident. Possible actions could be isolating an endpoint, deleting fle from endpoint, blacklist URL, or domain, etc.
SymantecEDR Antivirus
SymantecEDR Scan
SymantecEDR attacks
SymantecEDR Threat
SymantecEDR Rule ID	The textual representation of the rule that triggered this incident
SymantecEDR Incident Events
SymantecEDR Enriched Data
SymantecEDR Process File
SymantecEDR Intrusion
SymantecEDR Incident Comments
SymantecEDR Log Name
SymantecEDR Detection Type	Symantec EDR Incident Detection Type
SymantecEDR Event Actor
SymantecEDR Event Type ID
SymantecEDR Event Process
SymantecEDR Event Actor User
SymantecEDR Event Actor File

Incident Types

Name	Description
Symantec EDR Incident
Symantec EDR Event

Integrations

Name	Description
Symantec Endpoint Detection and Response (EDR) - On Prem	Symantec EDR (On Prem) endpoints help to detect threats in your network by filter endpoints data to find Indicators of Compromise (IoCs) and take actions to remediate the threat(s). EDR on-premise capabilities allow incident responders to quickly search, identify, and contain all impacted endpoints while investigating threats using a choice of on-premises.

Layouts

Name	Description
Symantec EDR Event layout	Layout for Symantec EDR event
Symantec EDR Incident layout	Layout for Symantec EDR incident

Classifiers

Name	Description
Symantec EDR - Incident Classifier	Symantec EDR Classifier
Symantec EDR Event- Incoming Mapper	Incoming mapper for Event
Symantec EDR - Incoming Mapper	Incoming Mapper for Symantec EDR

Incident Fields

Name	Description
SymantecEDR Incident Comments
SymantecEDR Event Actor File
SymantecEDR Process User
SymantecEDR Intrusion
SymantecEDR Enriched Data
SymantecEDR Event Actor
SymantecEDR Event Actor User
SymantecEDR Detection Type	Symantec EDR Incident Detection Type
SymantecEDR Scan
SymantecEDR Event Process
SymantecEDR Log Name
SymantecEDR Antivirus
SymantecEDR Rule ID	The textual representation of the rule that triggered this incident
SymantecEDR attacks
SymantecEDR Threat
SymantecEDR Event Type ID
SymantecEDR Recommended Action	Recommended action for this incident. Possible actions could be isolating an endpoint, deleting fle from endpoint, blacklist URL, or domain, etc.
SymantecEDR Incident Events
SymantecEDR Process File

Incident Types

Name	Description
Symantec EDR Event
Symantec EDR Incident

Integrations

Name	Description
Symantec Endpoint Detection and Response (EDR) - On Prem	Symantec EDR (On Prem) endpoints help to detect threats in your network by filter endpoints data to find Indicators of Compromise (IoCs) and take actions to remediate the threat(s). EDR on-premise capabilities allow incident responders to quickly search, identify, and contain all impacted endpoints while investigating threats using a choice of on-premises.

Layouts

Name	Description
Symantec EDR Incident layout	Layout for Symantec EDR incident
Symantec EDR Event layout	Layout for Symantec EDR event

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (6)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Cortex XDR by Palo Alto Networks	By: Cortex XSOAR
Identity	By: Cortex XSOAR
Malware Core	By: Cortex XSOAR
Phishing	By: Cortex XSOAR
ServiceNow	By: Cortex XSOAR

All level dependencies (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

1.0.5 - 766592 (January 16, 2024)

Incident Fields

New: SymantecEDR Log Name
New: SymantecEDR Threat
New: SymantecEDR Scan
New: SymantecEDR Event Type ID
New: SymantecEDR Antivirus
New: SymantecEDR Intrusion

Incident Types

New: Symantec EDR Event

Integrations

Symantec Endpoint Detection and Response (EDR) - On Prem

Added a new dropdown Incident data source in the configuration screen with two options i.e., Events and Incidents.
- Enabling the user to select whether to fetch events or incidents.
Added a query text field in the configuration screen to filter both incidents and events during fetching.

Related pull requests:
- 32164
- 31837

Download

1.0.4 - 743135 (January 4, 2024)

Integrations

Symantec Endpoint Detection and Response (EDR) - On Prem

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31967

Download

1.0.3 - R7216131 (December 20, 2023)

Integrations

Symantec Endpoint Detection and Response (EDR) - On Prem

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 28878

Download

1.0.2 - R5866730 (July 25, 2023)

Integrations

Symantec Endpoint Detection and Response (EDR) - On Prem

Added the DBotScore calculation for the file reputation command.
Added the Source Reliability integration parameter that defines the DBot score result reliability for the file reputation command.
Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27438

Download

1.0.1 - 5277943 (May 16, 2023)

Integrations

Symantec Endpoint Detection and Response (EDR) - On Prem

Updated the Docker image to: demisto/python3:3.10.11.58677.

Related pull requests:
- 26476

Download

1.0.0 - 5268538 (March 5, 2023)

Download

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	March 5, 2023
Last Release	January 16, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

Symantec Endpoint Detection and Response (EDR) - On Prem

Palo Alto Networks Cortex XDR - Investigation and Response

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.