
Symantec Endpoint Protection (SEP) utilizes the endpoints on your network to work together in protecting data. InsightIDR can ingest data from Symantec Endpoint Protection in two ways: syslog and Watch Directory.

Syslog: In the SEP Management Console, you must configure Symantec to send logs via syslog in the "External Logging settings" section.

Watch Directory: In the SEP Management Console, you must configure Symantec to send logs to a folder in the "External Logging settings" section. To do so, check off **Export Logs to a Dump File**; this option writes the data to a single log folder instead of sending the logs to syslog. Read the instructions on page 705 of the Administrator's Guide.

InsightIDR only parses an event from your Virus Scan event source when a virus is found.

Symantec Endpoint Protection product logs can contain information about hosts and accounts. When setting up Symantec Endpoint Protection as an event source, you will have the ability to specify the following attribution options:

- **Use IDR engine if possible if not, use event log**: By selecting this option, the InsightIDR attribution engine will perform attribution using the source address present in the log lines. If it is unable to resolve assets or accounts using the source address, it will use the assets or accounts present in the log lines, if any.
- **Use event log if possible if not, use IDR engine**: By selecting this option, attribution will be done using the assets and accounts present in the log lines.

To add the event source, from your dashboard select **Data Collection** on the left hand menu.
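The following is an added example, not Rapid7's or Symantec's code, that shows how the two attribution orders described above differ when run over SEP-style log lines. The "Key: value" field layout, the host names, addresses and account names, and the `IDR_ASSETS` inventory (standing in for what the attribution engine resolves from a source address) are all constructed for illustration; the real SEP syslog format carries more fields. It also applies the rule that only "Virus found" entries become events.

```python
"""Added example (not Rapid7's or Symantec's code): compare the two
InsightIDR attribution orders for a Symantec Endpoint Protection source.

Log line layout, hosts, IPs, accounts and the asset inventory below are
constructed for illustration only.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines: a syslog header, then SEP-style "Key: value" fields.
SAMPLE_LINES = [
    'Apr 02 10:15:01 sepm01 SymantecServer: Virus found,IP Address: 10.0.1.25,'
    'Computer name: WS-FINANCE-07,Source: Real Time Scan,Risk name: Trojan.Gen,'
    'Occurrences: 1,User: jdoe,Action taken: Quarantined',
    'Apr 02 10:16:44 sepm01 SymantecServer: Virus found,IP Address: 10.0.9.200,'
    'Computer name: LAPTOP-CONTRACTOR,Source: Scheduled Scan,'
    'Risk name: EICAR Test String,Occurrences: 1,User: ,Action taken: Cleaned',
    'Apr 02 10:17:02 sepm01 SymantecServer: Scan started,IP Address: 10.0.1.25,'
    'Computer name: WS-FINANCE-07,User: jdoe',
    'Apr 02 10:18:30 sepm01 SymantecServer: Virus found,IP Address: 192.0.2.77,'
    'Risk name: Backdoor.Test,Occurrences: 1',
]

# Constructed stand-in for what the IDR engine resolves from a source address
# (the real product correlates DHCP/AD data; this is just a lookup table).
IDR_ASSETS = {
    "10.0.1.25": ("ws-finance-07.corp.example", "CORP\\jdoe"),
}


@dataclass
class Attribution:
    asset: Optional[str]
    account: Optional[str]
    method: str  # "idr_engine", "event_log" or "unresolved"


FIELD_RE = re.compile(r"([A-Za-z ]+): ([^,]*)")


def parse_sep_line(line):
    """Return (event_type, fields) for a constructed SEP-style line."""
    try:
        _, body = line.split("SymantecServer: ", 1)
    except ValueError:
        return None, {}
    event_type, _, rest = body.partition(",")
    fields = {k.strip(): v.strip() for k, v in FIELD_RE.findall(rest)}
    return event_type, fields


def is_virus_event(event_type):
    # Only "Virus found" entries are turned into events.
    return event_type == "Virus found"


def _from_log_line(fields):
    """Event-log attribution: host and account named in the line, if any."""
    asset = fields.get("Computer name") or None
    account = fields.get("User") or None
    method = "event_log" if (asset or account) else "unresolved"
    return Attribution(asset, account, method)


def attribute_idr_first(fields):
    """Use IDR engine if possible; if not, use event log."""
    src = fields.get("IP Address")
    if src in IDR_ASSETS:
        asset, account = IDR_ASSETS[src]
        return Attribution(asset, account, "idr_engine")
    return _from_log_line(fields)


def attribute_log_first(fields):
    """Use event log if possible; if not, use IDR engine."""
    attr = _from_log_line(fields)
    if attr.method == "event_log":
        return attr
    src = fields.get("IP Address")
    if src in IDR_ASSETS:
        asset, account = IDR_ASSETS[src]
        return Attribution(asset, account, "idr_engine")
    return attr


def process(lines, policy):
    """Return [(risk_name, Attribution)] for every virus event under a policy."""
    results = []
    for line in lines:
        event_type, fields = parse_sep_line(line)
        if not is_virus_event(event_type):
            continue
        results.append((fields.get("Risk name"), policy(fields)))
    return results


if __name__ == "__main__":
    for name, policy in (("IDR first", attribute_idr_first),
                         ("event log first", attribute_log_first)):
        print(name)
        for risk, attr in process(SAMPLE_LINES, policy):
            print(f"  {risk}: {attr}")
```

Note the difference on the first line: with the IDR engine first, the source address resolves to the inventory's FQDN and domain account; with the event log first, the short hostname and bare user name from the line are used instead, and the engine is only consulted when the line names neither.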
