Tag: symantec

McAfee DLP Events Support

QRadar supports McAfee ePO and Symantec SEP, but not all of it. 1. SEP has full support for Antivirus, HIPS and SONAR functions, but when SEP is used as Device Control, the data arrives as a Misc. event and not as a Device Control event. This means that all of the data coming from SEP regarding Device Control does not parse…

Symantec Risk Not Found

QRadar supports Symantec endpoint security out of the box; see the link to the IBM Knowledge Center: Symantec Endpoint DSM. Symantec EPS is a combination of many endpoint security modules, such as HIPS, firewall and SONAR. We will usually see virus-associated logs like: <54>Apr 10 00:00:25 Symantec Server SEPBEDPROD: Virus found,IP Address: 10.0.1.5,Computer name: af73075-pc,Source: Real Time Scan,Risk…