Symantec Endpoint Detection and Response (EDR)

Symantec Endpoint Security (SES) Complete delivers comprehensive protection for all your traditional and mobile devices across the entire attack chain.

Integration with LogicHub

Connecting with Symantec EDR

To connect to Symantec DLP, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • Server URL: Server URL for Symantec EDR. Example: 'https://localhost:443'
  • Client ID: Client ID of your Symantec EDR Host.
  • Client Secret: Client Secret of your Symantec EDR Host.

Actions with Symantec EDR

Get Blacklist Policies

Lists blacklist policies from ATP. Search query can be used to get specific blacklist policies.

Inputs to this Action:

  • Connection: Choose a connection that you have created
  • Query: Jinja template text containing a JSON-formatted query of optional parameters (default is to fetch 100000). Parameters are id, ip, url, domain, md5, sha256, next and limit.
    Example: {"ip": "{{ip}}", "url": "{{url}}"}

Output of Action:
JSON object with the following fields:

  • has_error: True/False
  • error: message/null
  • result: Policy Object
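
A pre-flight check for the rendered Query text and a handler for the output object, as an added example (not LogicHub or Symantec code). The function names check_query and unwrap are hypothetical, the sample values in the comments are constructed, and treating has_error as either a boolean or the string "True"/"False" is an assumption.

```python
import ipaddress
import json
import re

# Parameter names are the ones the Query input lists on this page.
ALLOWED = {"id", "ip", "url", "domain", "md5", "sha256", "next", "limit"}
HEX_LEN = {"md5": 32, "sha256": 64}  # digest lengths in hex characters


def check_query(rendered: str) -> list:
    """Return a list of problems found in a rendered Query string."""
    # A surviving {{...}} means the template was never rendered.
    if re.search(r"\{\{.*?\}\}", rendered):
        return ["unrendered Jinja placeholder left in query"]
    try:
        # Fails when a substituted value carried a quote or backslash,
        # e.g. a constructed URL such as http://a.example/"x
        query = json.loads(rendered)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(query, dict):
        return ["query must be a JSON object"]
    problems = [f"unknown parameter: {k}" for k in sorted(set(query) - ALLOWED)]
    for key, length in HEX_LEN.items():
        pattern = rf"[0-9a-fA-F]{{{length}}}"
        if key in query and not re.fullmatch(pattern, str(query[key])):
            problems.append(f"{key} is not {length} hex characters")
    if "ip" in query:
        try:
            ipaddress.ip_address(str(query["ip"]))
        except ValueError:
            problems.append("ip is not a valid IP address")
    return problems


def unwrap(output: dict):
    """Return 'result' from the action output, or raise when has_error is set."""
    # Assumption: has_error may arrive as a bool or as the text "True"/"False".
    if str(output.get("has_error")).lower() == "true":
        raise RuntimeError(output.get("error") or "unknown error")
    return output.get("result")
```
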

Create Blacklist Policies

Creates blacklist policies for blocking or monitoring external communications.

Inputs to this Action:

  • Connection: Choose a connection that you have created
  • Body: Jinja template text containing the request body, which consists of a single JSON object that defines the blacklist policies to be created. Example: {{body_column}}.

Output of Action:
JSON object with the following fields:

  • has_error: True/False
  • error: message/null
  • result: Policy Object
  • maximum_policy_limit: Maximum number of policies allowed
  • remaining_policy_limit: Number of policies that can still be created
