Integrate Symantec Endpoint Protection Cloud EventTracker v9.x and above

Publication Date: July 12, 2019

Abstract

This guide helps you configure Symantec Endpoint Protection Cloud with EventTracker to receive Symantec Endpoint Protection Cloud events. In this guide, you will find the detailed procedures required for monitoring Symantec Endpoint Protection Cloud.

Audience

Administrators assigned to monitor and manage Symantec Endpoint Protection Cloud events using EventTracker.

The information contained in this document represents the current view of Netsurion on the issues discussed as of the date of publication. Because Netsurion must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Netsurion, and Netsurion cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. Netsurion MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from Netsurion, if its content is unaltered, nothing is added to the content and credit to Netsurion is provided.

Netsurion may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Netsurion, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2019 Netsurion. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Table of Contents

Abstract (page 1)
Audience (page 1)
Overview (page 3)
Obtaining Symantec Endpoint Protection Cloud credential (page 3)
Integrating Symantec Endpoint Protection Cloud to EventTracker (page 5)
EventTracker Knowledge Pack (page 6)
    Category (page 6)
    Alerts (page 6)
    Flex Reports (page 6)
    Dashboards (page 8)
Importing SEPC knowledge pack into EventTracker (page 9)
    Category (page 10)
    Alerts (page 11)
    Knowledge Object (page 12)
    Flex Report (page 14)
    Dashboard (page 16)
Verifying SEPC knowledge pack in EventTracker (page 18)
    Category (page 18)
    Alerts (page 19)
    Knowledge Object (page 19)
    Flex Report (page 20)

Overview

Symantec Endpoint Protection Cloud is a cloud-based security solution tailored for small- and medium-sized businesses.

The EventTracker Knowledge Pack (KP) for Symantec Endpoint Protection Cloud provides insight into threat detection, device management, and other critical events.

Obtaining Symantec Endpoint Protection Cloud credentials

To obtain Symantec Endpoint Protection Cloud API credentials, follow these steps:

1. Go to Settings.

Figure 1

2. Select Client Application Management.

Figure 2

3. Click on Add Client Application and create the API keys.

Figure 3

4. Copy the Client ID, Client Secret, Customer ID, and Domain ID.

Integrating Symantec Endpoint Protection Cloud with EventTracker

1. Download the Integrator for Symantec Endpoint Protection Cloud.

2. Save the .exe and run the executable file “SEPCIntegrator.exe”.

3. This launches the following window.

Figure 4

4. Enter the details and click Validate. The integrator validates the keys and displays the message below when the credentials are validated successfully.

Figure 5

5. A pop-up confirms that the integration was successful.

Figure 6

EventTracker Knowledge Pack

Once logs are received in EventTracker, alerts and reports can be configured in EventTracker. The following Knowledge Packs are available in EventTracker to support Windows.

Category

• Symantec Endpoint Protection Cloud - Threat Detection: This category provides information related to all threats detected by Symantec Endpoint Protection Cloud.

• SEP Cloud - Audit Events: This category provides information related to all audit-related activities.

• SEP Cloud - Management Events: This category provides information related to all device and client management activities.

• SEP Cloud - Security Events: This category provides information related to all security activities, such as enabling and disabling of critical features, scan details, etc.

• SEP Cloud - System Events: This category provides information related to all system-related activities.

Alerts

• Symantec Endpoint Protection Cloud - Threat detection: This alert is generated when Symantec Endpoint Protection Cloud detects any malware or threat.

• Symantec Endpoint Protection Cloud - Scan aborted: This alert is generated when a Symantec Endpoint Protection scan is aborted.

• Symantec Endpoint Protection Cloud - Definition update failed: This alert is generated when Symantec Endpoint Protection Cloud detects a failed definition update.

• Symantec Endpoint Protection Cloud - Critical Feature Disabled: This alert is generated when Symantec Endpoint Protection Cloud detects that a critical feature has been disabled.

Flex Reports

• Symantec Endpoint Protection Cloud - Threat detection - This report provides details about the threats detected by Symantec Endpoint Protection Cloud.

Figure 7

• Symantec Endpoint Protection Cloud - Scan details - This report provides details about all the scans that have been performed.

Figure 8

• Symantec Endpoint Protection Cloud - Console login logout details - This report provides details about console login and logout activities.

Figure 9

• Symantec Endpoint Protection Cloud - Management activities - This report provides details about any changes made by admin users.

Figure 10

Dashboards

• Symantec Endpoint Protection Cloud – Threats detected.

Figure 11

• Symantec Endpoint Protection Cloud – Login details.

Figure 12

• Symantec Endpoint Protection Cloud – Login details.

Figure 13

Importing SEPC knowledge pack into EventTracker

NOTE: Import knowledge pack items in the following sequence:

• Category

• Alerts

• Knowledge Objects

• Flex Reports

1. Launch the EventTracker Control Panel.

2. Double click Export-Import Utility.

Figure 14

3. Click the Import tab.

Category

1. Click the Category option, and then click the browse button.

Figure 15

2. Locate the Category_SEPC.iscat file, and then click the Open button.

3. To import categories, click the Import button.

4. EventTracker displays a success message.

Figure 16

5. Click OK, and then click the Close button.

Alerts

1. Click the Alert option, and then click the browse button.

Figure 17

2. Locate the Alerts_SEPC.isalt file, and then click the Open button.

3. To import alerts, click the Import button.

4. EventTracker displays a success message.

Figure 18

5. Click the OK button, and then click the Close button.

Knowledge Object

1. Click Knowledge Objects under the Admin option in the EventTracker manager page.

Figure 19

2. Click the Import button as highlighted in the image below.

Figure 20

3. Click on Browse.

4. Locate the file named KO_SEPC.etko.

5. Select all the checkboxes, and then click the Import option.

Figure 21

6. Knowledge objects are now imported successfully.

Figure 22

Flex Report

On EventTracker Control Panel,

1. Click the Reports option and select New (etcrx).

Figure 23

2. Locate the file named Reports_SEPC.etcrx and select all the checkboxes.

Figure 24

3. Click the Import button to import the reports. EventTracker displays a success message.

Figure 25

Dashboard

NOTE: The steps below are specific to EventTracker and later.

1. Open EventTracker in a browser and log on.

Figure 26

2. Navigate to My Dashboard option as shown above.

3. Click on the Import button as shown below.

Figure 27

4. Import the dashboard file Dashboard_SEPC.etwd, select the checkboxes of the dashboards you require, and click Import as shown below.

Figure 28

5. Import is now completed successfully.

Figure 29

Verifying SEPC knowledge pack in EventTracker

Category

1. Log on to EventTracker.

2. Click Admin dropdown, and then click Categories.

Figure 30

3. In the Category Tree, scroll down and expand the SEPC group folder to view the imported categories.

Figure 31

Alerts

1. Log on to EventTracker.

2. Click the Admin menu, and then click Alerts.

Figure 32

3. In the Search box, type ‘SEPC’, and then click the Go button. The Alert Management page displays all the imported alerts.

Figure 33

Knowledge Object

1. In the EventTracker web interface, click the Admin dropdown, and then click Knowledge Objects.

Figure 34

2. In the Knowledge Object tree, expand the SEPC group folder to view the imported Knowledge Objects.

Figure 35

Flex Report

1. In the EventTracker web interface, click the Reports menu, and then select Report Configuration.

Figure 36

2. In the Reports Configuration pane, select the Defined option.

3. Click on the SEPC group folder to view the imported SEPC reports.

Figure 37

