When you configure Symantec ATP to send log data to USM Appliance, you can use the Symantec-atp plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
Device | Details |
---|---|
Vendor | Symantec |
Device Type | EndPoint Security |
Connection Type | Syslog |
Data Source Name | Symantec ATP |
Data Source ID | 1871 |
Integrating Symantec ATP
Before you configure the Symantec ATP integration, you must have the IP Address of the USM Appliance Sensor.
To configure Symantec ATP to send log data to the USM Appliance Sensor
- From the ATP Manager, select Settings > Appliances, then click Edit - Default Appliance Settings.
- In the Syslog panel, click +Add Syslog Server.
- In the Add Syslog Server dialog box:
- In the Host field, enter the IP address of the USM Appliance sensor.
- In the Protocol field, select UDP.
- In the Port field, enter 514.
- Click Save.
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
Endpoint Security REST API Documentation
Administration of Symantec Advanced Threat Protection 3.0 SCS Exam
For troubleshooting, refer to the vendor documentation: