Skip to main content

Symantec Endpoint Protection

Download With Dependencies

Query the Symantec Endpoint Protection Manager using the official REST API.

Symantec Endpoint Protection

This pack includes Cortex XSIAM content.

Symantec Endpoint Protection

This pack includes Cortex XSIAM content.

Configuration on Server Side

  1. Log in to Symantec Endpoint Protection Manager.
  2. In the console, go to Admin > Servers.
  3. Click the local site or remote site that you want to export log data from.
  4. Click Configure External Logging.
  5. Fill in all the needed information such as the Syslog Server's IP and the frequency for sending the logs.

For more information, see the following documentation.

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

To create or configure the Broker VM, use the information described here.

You can configure the specific vendor and product for this instance.

  1. Navigate to Settings > Configuration > Data Broker > Broker VMs.
  2. Right-click, and select Syslog Collector > Configure.
  3. When configuring the Syslog Collector, set the following values:
    • vendor as vendor - symantec
    • product as product - ep

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJune 30, 2020
Last ReleaseNovember 20, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:
DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.