This is the official forum for discussing the ArcSight Activate P-Symantec Endpoint Protection package, as described in the Activate Wiki
Is there any work being done to update the product package to support SEP 14? It looks, from the SEP schema document between 12 and 14, like none of the event codes across all of the parsers have changed materially as listed. What would be the appropriate path forward? Should the SEP 12 branch become SEP 12 with modification of the SEP 12 Events filter to include 14? Or would it be better to copy the whole branch, which seems excessive?
Jeff