jdc07301 Trusted Contributor.

Symantec Endpoint Protection Package?

Is there a product package for Symantec Endpoint Protection currently in the works? If so, timeframe for release?

Thanks!

Jeff

mike_of_many Trusted Contributor.

Re: Symantec Endpoint Protection Package?

Jeffery

Sorry this hasn't been answered but your question does have two parts, the first of which I can answer.

Here is the Activate package for Malware Monitoring

That's your base AV solution package and should fit most of your Symantec AV Use Cases.  Just follow the install and linking instructions to get your Symantec events to work.

As for a Specific Product Package for Symantec, I have not heard of anyone stepping up to that plate yet. Is your organization capable of it?

Mike

jdc07301 Trusted Contributor.

Re: Symantec Endpoint Protection Package?

Mike,

Sorry for the delay. I have thrown together something in our DEV environment to test some things out, and already see a couple of adjustments that will need to be made. Namely, an override will be needed for the File Path, as it is being written to a different field than ePO. We are consumed with other activities and I am very new to ArcSight, but am willing to do what I can as time allows.

Jeff

mike_of_many Trusted Contributor.

Re: Symantec Endpoint Protection Package?

Jeff

That's awesome, any work we as a community can put into Activate the better it is for everyone. I myself am mostly un-attached but do what I can. I agree the Malware Monitoring package is ePO biased, but I don't have other enterprise anti-virus logs to work with. Ideally, we want it agnostic for ePO, Symantec, Trend at least.

Then product packages can be added on top.

StevenD Honored Contributor.

Re: Symantec Endpoint Protection Package?

I have a SEP v11/12.x package that's fairly well fleshed out (it's mostly just filters). Happy to upload if someone wants to test/adapt it for the Activate Malware package.

I started my own Malware/AV monitoring suite before the Activate one was published, so I've been using the SEP package in tandem with AV alerting for a while... but the SEP package is separate and drops in as another product like the rest of the Activate things.

Regards

jdc07301 Trusted Contributor.

Re: Symantec Endpoint Protection Package?

I would definitely be interested in taking a look.

Jeff

StevenD Honored Contributor.

Re: Symantec Endpoint Protection Package?

I dropped it there, let me know what you think.

tkachouba Trusted Contributor.

Re: Symantec Endpoint Protection Package?

Thanks for sharing Steven!

cmhamilton211 Respected Contributor.

Re: Symantec Endpoint Protection Package?

Thanks for sharing, your thanks Taras.
