Symantec Endpoint Protection
This pack includes Cortex XSIAM content.
Symantec Endpoint Protection
- Details
- Content
- Dependencies
- Version History
Query the Symantec Endpoint Protection Manager using the official REST API.
Symantec Endpoint Protection
This pack includes Cortex XSIAM content.
Configuration on Server Side
- Log in to Symantec Endpoint Protection Manager.
- In the console, go to Admin > Servers.
- Click the local site or remote site that you want to export log data from.
- Click Configure External Logging.
- Fill in all the needed information such as the Syslog Server's IP and the frequency for sending the logs.
For more information, see the following documentation.
Collect Events from Vendor
In order to use the collector, use the Broker VM option.
Broker VM
To create or configure the Broker VM, use the information described here.
You can configure the specific vendor and product for this instance.
- Navigate to Settings > Configuration > Data Broker > Broker VMs.
- Right-click, and select Syslog Collector > Configure.
- When configuring the Syslog Collector, set the following values:
- vendor as vendor - symantec
- product as product - ep
Timestamp Ingestion
Timestamp ingestion from raw logs is supported only for the format: MMM dd hh:mm:ss.nnn (e.g., Dec 1 10:00:00).
The default time zone for the timestamp extraction is in UTC (+00:00) time.
Any requirement for another time zone, demands altering the time zone used in the default Parsing Rule by changing it in the User Defined section according to your needs.
Automations
| Name | Description |
|---|---|
| SEPCheckOutdatedEndpoints | Check if any endpoints are using an AV definition that is not the latest version. |
Integrations
| Name | Description |
|---|---|
| Symantec Endpoint Protection v2 | Query the Symantec Endpoint Protection Manager using the official REST API. |
Automations
| Name | Description |
|---|---|
| SEPCheckOutdatedEndpoints | Check if any endpoints are using an AV definition that is not the latest version. |
Integrations
| Name | Description |
|---|---|
| Symantec Endpoint Protection v2 | Query the Symantec Endpoint Protection Manager using the official REST API. |
Modeling Rules
| Name | Description |
|---|---|
Symantec Endpoint Protection Modeling Rule |
Parsing Rules
| Name | Description |
|---|---|
Symantec Endpoint Protection Parsing Rule |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (0)
| Pack Name | Pack By |
|---|
All level dependencies (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
1.1.0 - 2773920 (April 17, 2022)
Integrations
Symantec Endpoint Protection v2
- Fixed an issue where passwords with special characters raised authentication error.
1.0.8 - R2146019 (December 21, 2021)
Scripts
SEPCheckOutdatedEndpoints
- Updated the Docker image to: demisto/python:2.7.18.24398.
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | June 30, 2020 | |
| Last Release | January 9, 2025 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
