P-Symantec Endpoint Protection

This is the official forum for discussing the ArcSight Activate P-Symantec Endpoint Protection package, as described in the Activate Wiki

  • 0

    Is there any work being done to update the product package to support SEP 14? It looks like from the SEP schema document between 12 and 14 that the event codes across all of the parsers and none have changed materially as listed. What would be the appropriate path forward? Should the SEP 12 branch become SEP 12 with modification of the SEP 12 Events filter to include 14? Or would it be better to copy the whole branch, which seems excessive?

    Jeff