How do I establish secure communication between ATP (EDR) and AD?

Article ID: 173993

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

  • Need to enable secure communication between Advanced Threat Protection (ATP) or Endpoint Detection and Response (SEDR) and Active Directory (AD).
  • Where do I find the required AD certificate?
  • How do I update the certificate for AD in ATP or EDR?

 

Cause

  • You are configuring Active Directory (AD) in EDR so that AD users can log in and use the EDR web user interface.
  • You have configured AD in EDR and you need to renew a certificate that is expiring or has expired.

Environment

Endpoint Detection and Response 4.0 or later

Advanced Threat Protection 3.0 or later

Resolution

To export the AD certificate from the AD server and upload/update it in EDR:

  1. Log on to the AD server.
  2. Click Start, type MMC, and press Enter to open MMC.
  3. Click File > Add/Remove Snap-in, add Certificates to the selected snap-ins, select Computer account, select Local computer, click Finish, then click OK.
  4. Expand Certificates > Personal > Certificates.
  5. Right-click the AD certificate, select All Tasks, then click Export.
  6. Upload that AD certificate to the AD connection in the SEDR web user interface:
    1. On the left navigation pane, click Settings > Users > Active Directory.
    2. Click +Add Domain.
    3. Check to ensure all fields are filled in correctly according to your environment's configuration
      • IMPORTANT: the NetBIOS name field is required as of SEDR 4.3
    4. Check the box to upload or attach the new or updated certificate.
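
The export in steps 2 through 5 can also be scripted on the AD server. The following PowerShell is an added example, not part of this article's original procedure; the output folder, the 30-day warning window, and the rule for picking one certificate when several match are assumptions.

```powershell
# Added example, not Broadcom's procedure: run in an elevated PowerShell
# session on the AD server. $OutDir and $WarnDays are assumed values.
$OutDir        = 'C:\Temp\edr-ad-cert'
$WarnDays      = 30
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# Same store as MMC: Certificates (Local Computer) > Personal > Certificates
$now = Get-Date
$candidates = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $ServerAuthOid } |
    Sort-Object NotAfter -Descending

if (-not $candidates) {
    throw 'No certificate with the Server Authentication EKU in LocalMachine\My.'
}

# Show every candidate with its expiry so the right one can be confirmed.
$candidates | Select-Object Subject, Thumbprint, NotBefore, NotAfter,
    @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - $now).TotalDays } } |
    Format-List

# Assumption: the currently valid certificate with the latest expiry is the
# one to upload. Replace with an explicit thumbprint if that is not the case.
$cert = $candidates |
    Where-Object { $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Select-Object -First 1

if (-not $cert) {
    throw 'All matching certificates are expired or not yet valid; renew first.'
}
if (($cert.NotAfter - $now).TotalDays -lt $WarnDays) {
    Write-Warning "Certificate $($cert.Thumbprint) expires on $($cert.NotAfter)."
}

# Export-Certificate writes only the public certificate (DER-encoded .cer);
# the private key stays on the server.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$file = Join-Path $OutDir "ad-$($cert.Thumbprint).cer"
Export-Certificate -Cert $cert -FilePath $file -Type CERT | Out-Null

# Record the hash so the uploaded file can be matched to this export.
Get-FileHash -Path $file -Algorithm SHA256 | Format-List Path, Hash
```

This article does not state which certificate encoding the upload field accepts, so confirm that in the EDR documentation before uploading the exported file.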

Additional Information

  • See the Symantec EDR documentation on the Broadcom Support Portal for Integrating Symantec EDR with Microsoft Active Directory
    • https://support.broadcom.com/ > Symantec Enterprise Security > Documentation > Endpoint Security and Management > Endpoint Detection and Response (EDR)
  • See Unable to log in with AD credentials after the update to SEDR 4.3 if you are unable to log in using AD credentials.

 
