UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.

Help required -Connector for Symantec endpoint protection

Idea ID 2866604

Help required -Connector for Symantec endpoint protection

Hi Everyone,

I am looking for the help to fix the issue which i have been facing with Arcsight logger and Symantec endpoint protection.

Somehow unable to see specific logs on the logger which have been forwarded by Symantec EP server.

I was told by the Arcsight support that the current version of Symantec (  14.3 MP1 Build 1169) is not supported. Surprise to hear that since this was working till Feb 28. We were able to get the logs without any issues.

 

Here are some details related to the existing setup

1. Logger: 6.6.0.8204.0

2. Connector-Windows 2016 with flex connector

3. Source -Symantec server version is 14.3 MP1 Build 1169.

Looking for the help to setup the connector which will fetch all the logs from the source.

Maybe a generic syslog connector?

 

 

 

 

 

 

 

 

 

 

2 Comments
Knowledge Partner Knowledge Partner
Knowledge Partner

can you share so details? how do you send the events from SEP to ArcSight/SC?

Probably you should not open a Idea- despite the fact, that support told you so...

@dalesio          @COEST  can you check for the internal ticket?

Community Manager Community Manager
Community Manager

Got in touch with support - will keep you informed about feedback!

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.