Skip to main content

Symantec Endpoint Detection and Response

Details
Content
Dependencies
Version History

Download With Dependencies

Symantec EDR On-prem helps to detect threats on your network by filtering endpoints data to find Indicators of Compromise (IoCs) and take actions to remediate the threat(s) contain suspicious events, isolate potentially compromised devices, and delete malicious files and associated artifacts.

Symantec Endpoint Detection and Response (EDR) Integration

Symantec EDR uses machine learning and behavioral analytics to detect and expose suspicious network activities. Symantec EDR alerts you about potentially harmful activity, prioritizes incidents for quick triage, and lets you navigate endpoint activity records during your forensic analysis of potential attacks.

Symantec EDR lets you contain suspicious events, isolate potentially compromised devices, and delete malicious files and associated artifacts.

Symantec Endpoint Detection and Response (EDR) Integration

Symantec EDR uses machine learning and behavioral analytics to detect and expose suspicious network activities. Symantec EDR alerts you about potentially harmful activity, prioritizes incidents for quick triage, and lets you navigate endpoint activity records during your forensic analysis of potential attacks.

Symantec EDR lets you contain suspicious events, isolate potentially compromised devices, and delete malicious files and associated artifacts.

Classifiers

Name	Description
Symantec EDR - Incident Classifier	Symantec EDR Classifier
Symantec EDR Event- Incoming Mapper	Incoming mapper for Event
Symantec EDR - Incoming Mapper	Incoming Mapper for Symantec EDR

Incident Fields

Name	Description
SymantecEDR Event Process
SymantecEDR attacks
SymantecEDR Detection Type	Symantec EDR Incident Detection Type
SymantecEDR Event Actor User
SymantecEDR Scan
SymantecEDR Incident Events
SymantecEDR Threat
SymantecEDR Incident Comments
SymantecEDR Process User
SymantecEDR Event Actor
SymantecEDR Event Actor File
SymantecEDR Rule ID	The textual representation of the rule that triggered this incident
SymantecEDR Recommended Action	Recommended action for this incident. Possible actions could be isolating an endpoint, deleting fle from endpoint, blacklist URL, or domain, etc.
SymantecEDR Enriched Data
SymantecEDR Antivirus
SymantecEDR Log Name
SymantecEDR Process File
SymantecEDR Event Type ID
SymantecEDR Intrusion

Incident Types

Name	Description
Symantec EDR Event
Symantec EDR Incident

Integrations

Name	Description
Symantec Endpoint Detection and Response (EDR) - On Prem	Symantec EDR (On Prem) endpoints help to detect threats in your network by filter endpoints data to find Indicators of Compromise (IoCs) and take actions to remediate the threat(s). EDR on-premise capabilities allow incident responders to quickly search, identify, and contain all impacted endpoints while investigating threats using a choice of on-premises.

Layouts

Name	Description
Symantec EDR Event layout	Layout for Symantec EDR event
Symantec EDR Incident layout	Layout for Symantec EDR incident

Classifiers

Name	Description
Symantec EDR - Incident Classifier	Symantec EDR Classifier
Symantec EDR Event- Incoming Mapper	Incoming mapper for Event
Symantec EDR - Incoming Mapper	Incoming Mapper for Symantec EDR

Incident Fields

Name	Description
SymantecEDR Process File
SymantecEDR Incident Events
SymantecEDR Event Actor
SymantecEDR Incident Comments
SymantecEDR Antivirus
SymantecEDR Recommended Action	Recommended action for this incident. Possible actions could be isolating an endpoint, deleting fle from endpoint, blacklist URL, or domain, etc.
SymantecEDR Event Actor User
SymantecEDR Rule ID	The textual representation of the rule that triggered this incident
SymantecEDR Event Actor File
SymantecEDR attacks
SymantecEDR Detection Type	Symantec EDR Incident Detection Type
SymantecEDR Event Process
SymantecEDR Threat
SymantecEDR Scan
SymantecEDR Intrusion
SymantecEDR Process User
SymantecEDR Event Type ID
SymantecEDR Enriched Data
SymantecEDR Log Name

Incident Types

Name	Description
Symantec EDR Incident
Symantec EDR Event

Integrations

Name	Description
Symantec Endpoint Detection and Response (EDR) - On Prem	Symantec EDR (On Prem) endpoints help to detect threats in your network by filter endpoints data to find Indicators of Compromise (IoCs) and take actions to remediate the threat(s). EDR on-premise capabilities allow incident responders to quickly search, identify, and contain all impacted endpoints while investigating threats using a choice of on-premises.

Layouts

Name	Description
Symantec EDR Incident layout	Layout for Symantec EDR incident
Symantec EDR Event layout	Layout for Symantec EDR event

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (6)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Cortex XDR by Palo Alto Networks	By: Cortex XSOAR
Identity	By: Cortex XSOAR
Malware Core	By: Cortex XSOAR
Phishing	By: Cortex XSOAR
ServiceNow	By: Cortex XSOAR

All level dependencies (2)

Pack Name	Pack By
Aggregated Scripts	By: Cortex XSOAR
Base	By: Cortex XSOAR

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	March 5, 2023
Last Release	March 22, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

Symantec Endpoint Detection and Response (EDR) - On Prem

Cortex XDR - IOC

Cortex XDR - XQL Query Engine

Palo Alto Networks Cortex XDR - Investigation and Response

ServiceNow (Deprecated)

ServiceNow CMDB

ServiceNow IAM

ServiceNow v2

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.