Symantec EP

Perform Symantec Endpoint Protection Manager (SEPM) operations from a remote application

Symantec EP with LogicHub

Connecting with Symantec EP

To connect to Symantec EP, the following details are required:

  • Label: Connection name.
  • Host IP: REST API IP used to access Symantec EP.
  • Host Port: REST API port used to access Symantec EP.
  • Username: Username to access Symantec EP.
  • Password: Password to access Symantec EP.

Actions with Symantec EP

Request Active Scan

Requests the server to run an Active Scan on the client computers.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Computer ID: Jinja-templated IDs of the computers on which to run the action. Example: {{computer_id}}.
  • Jinja Template Group ID: Jinja-templated IDs of the groups on which to run the action. Example: {{group_id}}.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Request ID

Request Full Scan

Requests the server to run a Full Scan on the client computers.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Computer ID: Jinja-templated IDs of the computers on which to run the action. Example: {{computer_id}}.
  • Jinja Template Group ID: Jinja-templated IDs of the groups on which to run the action. Example: {{group_id}}.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Request ID

Request Evidence of Compromise Scan

Requests the server to run an Active Scan on the client computers.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Computer ID: Jinja-templated IDs of the computers on which to run the active scan. Example: {{computer_id}}.
  • Jinja Template Group ID: Jinja-templated IDs of the groups on which to run the active scan. Example: {{group_id}}.
  • Jinja Template Body: Jinja-templated text containing the evidence of compromise command in XML. Example: {{body}}.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Request ID

List Groups

Gets a listing of groups.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Domain: Jinja-templated text containing the domain from which to get computer information. Example: {{domain}}.
  • Limit (Optional): Maximum number of results to fetch. Default is 25.
  • Sort By (Optional): The column by which the results are to be sorted. Default is by name.
  • Order of Sorting (Optional): The sort order (ASC/DESC). Default is ASC.
  • Presentation mode of the result (Optional): The presentation mode for the results (list/tree). Default is list.
  • Jinja Template Full Path Name: Jinja-templated text containing the full path name of the group. Example: {{full_path}}.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Request ID

Group Info

Gets information about groups.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Group ID: Jinja-templated text containing Group ID from which to query group detail. Example: {{group_id}}.
  • Jinja Template Domain ID: Jinja-templated text containing the ID of the group's domain. Example: {{domain_id}}.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Request ID

Computer Information by Domain

Gets the information about the computers in a specified domain.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Host name of computer: Jinja-templated text containing the host name of the computer. The wildcard '*' is supported. Example: {{computer_name}}.
  • Jinja Template Domain: Jinja-templated text containing the domain from which to get computer information. Example: {{domain}}.
  • Jinja Template Feature: Jinja-templated text containing a comma-separated list of features for which to return opstate information in reduced mode. Example: av,{{feature}}.
  • Jinja Template Last Update: Jinja-templated text containing the integer for when a computer last updated its status (maximum is int64).
  • Jinja Template Mac: Jinja-templated text containing the MAC address of the computer. The wildcard '*' is supported. Example: {{address}}.
  • Jinja Template OS: Jinja-templated text containing a comma-separated list of operating systems to filter by. Example: Fedora,{{os}}.
  • Limit (Optional): Maximum number of results to fetch. Default is 25.
  • Sort By (Optional): The column by which the results are to be sorted. Default is by COMPUTER_NAME.
  • Order of Sorting (Optional): The sort order (ASC/DESC). Default is ASC.
  • Verbose (Optional): If true, returns a reduced set of computer information (True/False). Default is False.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Request ID
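
An added example, not LogicHub's own code: how inputs written like the ones above ({{computer_id}}, av,{{feature}}, Fedora,{{os}}) render with the Python jinja2 library, and how to catch a missing or blank column before the value reaches an action. It shows jinja2's behaviour only, not how LogicHub renders templates internally; the row fields and the ID value are constructed.

```python
from jinja2 import Environment, StrictUndefined
from jinja2.exceptions import UndefinedError

# Constructed sample rows standing in for playbook events (not real data).
SAMPLE_ROWS = [
    {"computer_id": "CONSTRUCTED-ID-0001", "feature": "ips", "os": "Windows"},
    {"feature": "ips", "os": "Windows"},                    # computer_id column missing
    {"computer_id": "  ", "feature": "", "os": "Windows"},  # blank values
]

# Templates in the form the page shows for its inputs.
TEMPLATES = {
    "computer_id": "{{computer_id}}",
    "feature": "av,{{feature}}",
    "os": "Fedora,{{os}}",
}

lenient = Environment()                          # jinja2 default: undefined renders as ""
strict = Environment(undefined=StrictUndefined)  # undefined raises UndefinedError


def render_inputs(row, env=strict):
    """Render every template against one row; return (values, problems)."""
    values, problems = {}, []
    for name, source in TEMPLATES.items():
        try:
            rendered = env.from_string(source).render(**row)
        except UndefinedError as exc:
            problems.append(f"{name}: {exc}")
            continue
        # Split CSV-style inputs and report empty items left by blank variables.
        items = [part.strip() for part in rendered.split(",")]
        if any(not part for part in items):
            problems.append(f"{name}: empty item in {rendered!r}")
        values[name] = ",".join(part for part in items if part)
    return values, problems


def usable_rows(rows):
    """Keep only rows whose inputs all rendered to non-empty values."""
    return [vals for vals, probs in map(render_inputs, rows) if not probs]


if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(render_inputs(row))
    # The default environment hides the missing column instead of reporting it.
    print(repr(lenient.from_string("{{computer_id}}").render(**SAMPLE_ROWS[1])))
```
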

Get Computer Information by Group

Gets the information about the computers in a specified domain and group.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Jinja Template Group Id: Jinja-templated text containing the ID of the group where the clients are communicating. Example: {{group_id}}.
  • Jinja Template Domain: Jinja-templated text containing the domain from which to get computer information. Example: {{domain}}.
  • Jinja Template Feature: Jinja-templated text containing a comma-separated list of features for which to return opstate information in reduced mode. Example: av,{{feature}}.
  • Jinja Template Last Update: Jinja-templated text containing the integer for when a computer last updated its status (maximum is int64).
  • Jinja Template OS: Jinja-templated text containing a comma-separated list of operating systems to filter by. Example: Fedora,{{os}}.
  • Limit (Optional): Maximum number of results to fetch. Default is 25.
  • Sort By (Optional): The column by which the results are to be sorted. Default is by COMPUTER_NAME.
  • Order of Sorting (Optional): The sort order (ASC/DESC). Default is ASC.
  • Verbose (Optional): If true, returns a reduced set of computer information (True/False). Default is False.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Request ID

Get Critical Event Information

Gets information related to critical events.

Inputs to this Action:

  • Connection: Choose a connection that you have created.
  • Limit (Optional): Maximum number of results to fetch. Default is 25.
  • Jinja Template Source: Jinja-templated text containing the source from which to get information. Example: {{source}}.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: Request ID
