Endpoint security is the practice of securing entry point of end users such as desktops, laptops, mobile devices, servers, storage devices, and containers on the network or the cloud from all the threats and malicious actors. The Endpoint security approaches have evolved from using traditional antivirus software to highly advanced systems to protect and remediate complex malicious activities.
Symantec Endpoint Security is one such fully cloud-managed software suite that consists of anti-malware, intrusion prevention, behavioral isolation, Active Directory security, and Threat Hunter technologies to protect your endpoints against threats and targeted attacks. It generates alerts, incidents and events based on scans, policies, and rules. An event is generated when Symantec Endpoint Security detects that activity occurred on a device. An incident is a collection of one or more events that represent a significant risk or potential threat to the organization. Alerts can be triggered by a single event or multiple events.
Netwitness Platform XDR Integrates with Symantec Endpoint Security to collect events from the event stream in real-time and EDR incidents from Symantec Endpoint Security.
Integration Model:
To take advantage of this new capability of Symantec Endpoint Security Integration within NetWitness, please visit the link below and search for the terms below in NetWitness Live.
Configuration Guides: Symantec Endpoint Security Events , Symantec Endpoint Security Incidents
Collector Package on NetWitness Live: "Symantec Endpoint Security Events Log Collector Configuration" , "Symantec Endpoint Security Incidents Log Collector Configuration"
Parser on NetWitness Live: symantec_endpointsecurity
Integration reference:
- https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Integrations/Event-streaming-using-EDR.html
- https://apidocs.securitycloud.symantec.com/#/doc?id=ses_about
