Splunk Lantern

Symantec

 

Symantec Endpoint Protection Management (SEPM) is a type of log data that provides insight into intrusion prevention, firewall, and anti-malware activities. SEPM analyzes all incoming and outgoing traffic and offers browser protection to block threats before they can be executed on the computer. It uses signature-based antivirus and file heuristics to look for and eradicate malware on a system, protecting against viruses, worms, Trojans, spyware, bots, adware, and rootkits.

SEPM logs fall into one of six categories: control, packet, risk, security, system, and traffic. All of these logs are applicable to client activity, and some are applicable to server and application activity as well. Other logs concern management of policies, access to hardware and applications, and roles on client computers that connect to your company's network. In the Common Information Model, SEPM log data can be mapped to any of the following data models, depending on the field: Authentication, Change, Intrusion Detection, Malware, and Network Traffic. If you have already started ingesting data with a different source type, we recommend you switch over to the standardized source types, if possible. If you have already started ingesting the data sources into indexes other than the ones shown here, you can usually proceed. Do consider, however, whether you should separate security logs from administration, application, and system logs, based on who will likely need access or be prohibited access.
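One way to act on that index-separation advice, as an added example (not configuration from this page or from Splunk): the six SEPM log categories are routed to two indexes at ingest time, and two Splunk roles are then scoped to those indexes so that analysts never see administration logs they do not need. The log file paths and index names are placeholders, and the sourcetype values are assumed to match the Splunk Add-on for Symantec Endpoint Protection; verify them against the add-on you deploy.

```ini
# inputs.conf (on the forwarder reading SEPM's exported log files)
# Security-relevant categories -> sepm_security; management/system -> sepm_admin.
# Paths and index names are placeholders; sourcetypes are an assumption (see lead-in).
[monitor:///var/log/sepm/risk.log]
sourcetype = symantec:ep:risk:file
index = sepm_security

[monitor:///var/log/sepm/security.log]
sourcetype = symantec:ep:security:file
index = sepm_security

[monitor:///var/log/sepm/traffic.log]
sourcetype = symantec:ep:traffic:file
index = sepm_security

[monitor:///var/log/sepm/packet.log]
sourcetype = symantec:ep:packet:file
index = sepm_security

[monitor:///var/log/sepm/control.log]
sourcetype = symantec:ep:behavior:file
index = sepm_security

[monitor:///var/log/sepm/admin.log]
sourcetype = symantec:ep:admin:file
index = sepm_admin

[monitor:///var/log/sepm/system.log]
sourcetype = symantec:ep:scm_system:file
index = sepm_admin

# authorize.conf (on the search head): least-privilege access per index.
# Analysts search only the security index; SEPM administrators get both.
[role_sepm_analyst]
importRoles = user
srchIndexesAllowed = sepm_security
srchIndexesDefault = sepm_security

[role_sepm_admin]
importRoles = user
srchIndexesAllowed = sepm_security;sepm_admin
srchIndexesDefault = sepm_security;sepm_admin
```

Both indexes must also be defined in indexes.conf on the indexers before events arrive, or the data will be dropped or land in the default index.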

Other Symantec products help you protect sensitive data in sanctioned and unsanctioned cloud apps, reduce your attack surface by isolating web pages, ensure internet security and data compliance, and safeguard email security.

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: