search cancel

Importing Endpoint Protection events into third-party applications in Endpoint Protection Cloud 14.2 and 15.

book

Article ID: 173209

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Security

Issue/Introduction

You can use client scripts to integrate Symantec Endpoint Protection (SEP) with other reporting and monitoring applications, such as Splunk or a Syslog Server. These scripts export event data from SEP thus allowing you to import them into a third-party application. This event data can be consumed through the prebuilt dashboard for further monitoring and analysis.

Resolution

Follow these steps to import events data into any third-party application.

  1. Add a new client application to the cloud console
    • ‚ÄčIn the SEP Cloud console, go to Integration > Client Applications tab, and press Add Client Application.
    • In the Add Application window, type the name of the application and press Add.
    • The new application is listed with the client ID and client secret.
  2. Press Show to display the client secret. Make a note of the following values, which are required to generate an authentication token:
    • Client Secret.
    • Client ID
  3. Use REST API calls to authorize and export event data

See Use the REST APIs to generate authorization token and export event data (broadcom.com)