Back Arrow Back to All Integrations

Symantec Endpoint Security

Symantec Endpoint Security

Integrating Symantec Endpoint Security With Blumira

Blumira’s modern cloud SIEM platform integrates with Symantec Endpoint Security to detect cybersecurity threats and provide actionable response to remediate when a threat is detected.

 

When configured, the Blumira integration with Symantec Endpoint Security will stream security event logs to the Blumira service for automated threat detection and actionable response.

 

Get visibility, detect and respond to threats faster:

 

  • Quickly detect known and suspected threats with Blumira’s cloud-based platform
  • Reduce the noise of false-positive alerts with backend automation and fine-tuned alerting
  • Detect lateral movement across your environment with virtual honeypots
  • Get guided and actionable remediation playbooks for teams without security expertise
  • View easy-to-understand dashboards and security threat reports to help organizations meet compliance requirements

 

See how easy it is to set up Blumira with Symantec Endpoint Security:

Set Up Instructions

Configure Log Forwarding for Symantec Endpoint Security

Forward traffic logs from Symantec Endpoint Security to a SIEM for longterm storage, compliance, audit, reporting or legal reasons.

Required Blumira Module: Logger

  1. In the console, click Admin.
  2. Click Servers.
  3. Click the local site or remote site that you want to export log data from.
  4. Click Configure External Logging.
  5. On the General tab, in the Update Frequency list box, select how often to send the log data to the file.
  6. In the Master Logging Server list box, select the management server to send the logs to.
    1. NOTE: If you use SQL Server and connect multiple management servers to the database, specify only one server as the Master Logging Server.
  7. Check Enable Transmission of Logs to a Syslog Server.
  8. Provide the following information:Syslog Server
    • Type the IP address or domain name of the Syslog server that you want to receive the log data. This will be the IP address of your Blumira Sensor.

    Destination Port

    • Select the protocol to use, and type the destination port that the Syslog server uses to listen for Syslog messages.

    Log Facility

    • Type the number of the log facility that you want to the Syslog configuration file to use, or use the default. Valid values range from 0 to 23.
  9. On the Log Filter tab, check which logs to export.
  10. Click OK.