Symantec Endpoint Protection 14.2 - Downloaded or Created by Information in ESM

Idea ID 2768439


Hello everyone,

We are using an ArcSight Smart Connector to pull all interesting SEP event information into our ESM.

The "Downloaded or created by" field in SEPM is very interesting for our security analysts, but it looks like the latest connector version 7.14.2.8258.0 does not support this kind of event information for SEP-DB Version 14.2.5569.2100.

Support says I should create an idea to let you guys know what our "problem" is. Maybe you have the same issue and need a solution.

Kind regards
Dominik

2 Comments
Micro Focus Contributor
Status changed to: Waiting for Votes
 
Knowledge Partner

Hi @dominikn1 ,

We are also using SEP14, can you describe the content of the field a little bit more?

Normally the DB schema of that version should reveal the needed information to tune the connector, however at the moment it's not available publicly, due to the fact that Symantec was acquired by Broadcom.

I try to remember that I want to have a look into that - we already asked our Symantec TAM for the DB schema.

KR

A

 
