Idea ID: 2768439

Symantec Endpoint Protection 14.2 - Downloaded or Created by Information in ESM

Status : Waiting for Votes
Waiting for Votes
See status update history
over 1 year ago

Hello everyone,

we are using an ArcSight Smart Connector to pull all interesting SEP event information into our ESM.

The Downloaded or created by field in SEPM is very interesting for our security analysts but it looks like the latest connector version 7.14.2.8258.0 does not support this kind of event information for SEP-DB Version 14.2.5569.2100.

Support says I should create an idea to let you guys know what our "problem" is. Maybe you have the same
issue and need a solution.

Kind regards
Dominik

Labels:

Connectors
Parents
  • Hi  ,

    we are also using SEP14, can you describe the content of the field a little bit more?

    Normaly the DB schema of that version should reveal the needed information to tune the connector, however at the moment its not available publicy, due to the fact that Symantec was aquired by Broadcom.

    I try to remember that i want to have a look in that - we already asked our Symantec TAM for the DB - scema. 

    KR

    A

     

Comment
  • Hi  ,

    we are also using SEP14, can you describe the content of the field a little bit more?

    Normaly the DB schema of that version should reveal the needed information to tune the connector, however at the moment its not available publicy, due to the fact that Symantec was aquired by Broadcom.

    I try to remember that i want to have a look in that - we already asked our Symantec TAM for the DB - scema. 

    KR

    A

     

Children
No Data