Symantec Endpoint Detection and Response

Details
Content
Dependencies
Version History

Symantec EDR On-prem helps to detect threats on your network by filtering endpoints data to find Indicators of Compromise (IoCs) and take actions to remediate the threat(s) contain suspicious events, isolate potentially compromised devices, and delete malicious files and associated artifacts.

Symantec Endpoint Detection and Response (EDR) Integration

Symantec EDR uses machine learning and behavioral analytics to detect and expose suspicious network activities. Symantec EDR alerts you about potentially harmful activity, prioritizes incidents for quick triage, and lets you navigate endpoint activity records during your forensic analysis of potential attacks.

Symantec EDR lets you contain suspicious events, isolate potentially compromised devices, and delete malicious files and associated artifacts.

Symantec Endpoint Detection and Response (EDR) Integration

Symantec EDR lets you contain suspicious events, isolate potentially compromised devices, and delete malicious files and associated artifacts.

Classifiers

Name	Description
Symantec EDR - Incident Classifier	Symantec EDR Classifier
Symantec EDR - Incoming Mapper	Incoming Mapper for Symantec EDR
Symantec EDR Event- Incoming Mapper	Incoming mapper for Event

Incident Fields

Name	Description
SymantecEDR Incident Events
SymantecEDR Event Actor User
SymantecEDR Intrusion
SymantecEDR Antivirus
SymantecEDR Log Name
SymantecEDR Rule ID	The textual representation of the rule that triggered this incident
SymantecEDR Event Actor
SymantecEDR Event Type ID
SymantecEDR Event Process
SymantecEDR Detection Type	Symantec EDR Incident Detection Type
SymantecEDR Incident Comments
SymantecEDR Event Actor File
SymantecEDR Process File
SymantecEDR Threat
SymantecEDR attacks
SymantecEDR Enriched Data
SymantecEDR Scan
SymantecEDR Recommended Action	Recommended action for this incident. Possible actions could be isolating an endpoint, deleting fle from endpoint, blacklist URL, or domain, etc.
SymantecEDR Process User

Incident Types

Name	Description
Symantec EDR Incident
Symantec EDR Event

Integrations

Name	Description
Symantec Endpoint Detection and Response (EDR) - On Prem	Symantec EDR (On Prem) endpoints help to detect threats in your network by filter endpoints data to find Indicators of Compromise (IoCs) and take actions to remediate the threat(s). EDR on-premise capabilities allow incident responders to quickly search, identify, and contain all impacted endpoints while investigating threats using a choice of on-premises.

Layouts

Name	Description
Symantec EDR Event layout	Layout for Symantec EDR event
Symantec EDR Incident layout	Layout for Symantec EDR incident

Classifiers

Name	Description
Symantec EDR - Incident Classifier	Symantec EDR Classifier
Symantec EDR Event- Incoming Mapper	Incoming mapper for Event
Symantec EDR - Incoming Mapper	Incoming Mapper for Symantec EDR

Incident Fields

Name	Description
SymantecEDR Antivirus
SymantecEDR Event Actor
SymantecEDR Recommended Action	Recommended action for this incident. Possible actions could be isolating an endpoint, deleting fle from endpoint, blacklist URL, or domain, etc.
SymantecEDR attacks
SymantecEDR Log Name
SymantecEDR Rule ID	The textual representation of the rule that triggered this incident
SymantecEDR Process User
SymantecEDR Event Process
SymantecEDR Enriched Data
SymantecEDR Event Actor User
SymantecEDR Intrusion
SymantecEDR Detection Type	Symantec EDR Incident Detection Type
SymantecEDR Event Actor File
SymantecEDR Process File
SymantecEDR Incident Comments
SymantecEDR Threat
SymantecEDR Incident Events
SymantecEDR Scan
SymantecEDR Event Type ID

Incident Types

Name	Description
Symantec EDR Event
Symantec EDR Incident

Integrations

Name	Description
Symantec Endpoint Detection and Response (EDR) - On Prem	Symantec EDR (On Prem) endpoints help to detect threats in your network by filter endpoints data to find Indicators of Compromise (IoCs) and take actions to remediate the threat(s). EDR on-premise capabilities allow incident responders to quickly search, identify, and contain all impacted endpoints while investigating threats using a choice of on-premises.

Layouts

Name	Description
Symantec EDR Incident layout	Layout for Symantec EDR incident
Symantec EDR Event layout	Layout for Symantec EDR event

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (6)

Pack Name	Pack By
Common Types	By: Cortex XSOAR
Cortex XDR by Palo Alto Networks	By: Cortex XSOAR
Identity	By: Cortex XSOAR
Malware Core	By: Cortex XSOAR
Phishing	By: Cortex XSOAR
ServiceNow	By: Cortex XSOAR

All level dependencies (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

1.0.6 - 1370357 (September 11, 2024)

Layouts

Symantec EDR Event layout
Updated layout with canvas tab.
Symantec EDR Incident layout
Updated layout with canvas tab.

Related pull requests:
- 36021

Download

1.0.5 - R1340401 (September 3, 2024)

Incident Fields

New: SymantecEDR Log Name
New: SymantecEDR Threat
New: SymantecEDR Scan
New: SymantecEDR Event Type ID
New: SymantecEDR Antivirus
New: SymantecEDR Intrusion

Incident Types

New: Symantec EDR Event

Integrations

Symantec Endpoint Detection and Response (EDR) - On Prem

Added a new dropdown Incident data source in the configuration screen with two options i.e., Events and Incidents.
- Enabling the user to select whether to fetch events or incidents.
Added a query text field in the configuration screen to filter both incidents and events during fetching.

Related pull requests:
- 32164
- 31837

Download

1.0.4 - 743135 (January 4, 2024)

Integrations

Symantec Endpoint Detection and Response (EDR) - On Prem

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31967

Download

1.0.3 - R7216131 (December 20, 2023)

Integrations

Symantec Endpoint Detection and Response (EDR) - On Prem

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 28878

Download

1.0.2 - R5866730 (July 25, 2023)

Integrations

Symantec Endpoint Detection and Response (EDR) - On Prem

Added the DBotScore calculation for the file reputation command.
Added the Source Reliability integration parameter that defines the DBot score result reliability for the file reputation command.
Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27438

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	March 5, 2023
Last Release	September 11, 2024

WORKS WITH THE FOLLOWING INTEGRATIONS:

Symantec Endpoint Detection and Response (EDR) - On Prem

Palo Alto Networks Cortex XDR - Investigation and Response

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.