Integrating Endpoint Detection and Response with syslog servers

Article ID: 174334

Products

Endpoint Detection and Response

Issue/Introduction

You seek to integrate your Symantec Endpoint Detection and Response (SEDR) with a syslog server.

Resolution

Configure EDR to connect to a syslog server

  1. In the SEDR appliance console, click Settings > Event and Incident Forwarding to Syslog.
  2. Click +Add Host.
  3. In the Add Host dialog box, in the Host field, type the IP address of the syslog server.
  4. In the Protocol field, select the appropriate protocol.
  5. In the TCP Port field, type the port on the syslog server that accepts syslog messages.
  6. Select one of the three syslog types from the Syslog Type drop-down list.
  7. Under Event Types and Incidents to Forward, specify the events and incidents that you want to forward to syslog.
  8. Click Save.

For more information, please refer to: Forwarding events and incidents to third-party SIEMs
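Once the host, protocol and TCP port are saved, the practical question is whether the syslog server actually receives and frames the appliance's messages correctly. The script below is an added example (not Symantec's code, and it assumes nothing about SEDR's event format beyond standard syslog over TCP): it listens on the port you entered in step 5, accepts both RFC 6587 framings a TCP sender may use (octet counting and LF-terminated), decodes the PRI facility/severity, and includes an offline loopback self-test built from constructed sample events. The hostname `edr-appliance` and app name `SEDR` in the samples are placeholders.

```python
"""Receiver-side check for a syslog-over-TCP feed such as the one an EDR appliance forwards.
A mismatch between the sender's TCP framing and the receiver's expectation is a common reason
events are 'forwarded' yet never appear in the SIEM, so both RFC 6587 framings are accepted."""
import re
import socket
import threading
from dataclasses import dataclass
from typing import List, Optional, Tuple

PRI_RE = re.compile(rb"^<(\d{1,3})>")      # "<facility*8 + severity>" at message start
OCTET_COUNT_RE = re.compile(rb"^(\d+) ")   # octet-counting header: length, space, message


@dataclass
class SyslogMessage:
    facility: int
    severity: int
    body: str  # everything after the PRI header, decoded


def split_frames(buf: bytes) -> Tuple[List[bytes], bytes]:
    """Cut a TCP byte stream into complete frames; leftover is an incomplete trailing frame
    that the caller must prepend to the next recv() result."""
    frames: List[bytes] = []
    while buf:
        m = OCTET_COUNT_RE.match(buf)
        if m:  # octet counting: the length prefix says exactly where the frame ends
            length, start = int(m.group(1)), m.end()
            if len(buf) - start < length:
                break  # frame not fully received yet
            frames.append(buf[start:start + length])
            buf = buf[start + length:]
        else:  # non-transparent framing: the frame ends at the next LF
            nl = buf.find(b"\n")
            if nl == -1:
                break
            frames.append(buf[:nl].rstrip(b"\r"))
            buf = buf[nl + 1:]
    return frames, buf


def parse_message(frame: bytes) -> Optional[SyslogMessage]:
    """Decode the PRI header; returns None for frames that are not valid syslog."""
    m = PRI_RE.match(frame)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 severities - 1 is the highest legal PRI
        return None
    return SyslogMessage(pri // 8, pri % 8, frame[m.end():].decode("utf-8", "replace"))


def read_connection(conn: socket.socket) -> List[SyslogMessage]:
    """Read until the sender closes the connection; return every parsed message."""
    messages: List[SyslogMessage] = []
    buf = b""
    while True:
        chunk = conn.recv(4096)
        if not chunk:
            break
        buf += chunk
        frames, buf = split_frames(buf)
        messages.extend(msg for msg in map(parse_message, frames) if msg is not None)
    return messages


def receive_once(port: int, host: str = "0.0.0.0", timeout: float = 30.0) -> List[SyslogMessage]:
    """Listen on the TCP port configured on the appliance, accept one sender, return its messages."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        srv.settimeout(timeout)
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(timeout)
            return read_connection(conn)


# Constructed sample events in RFC 5424 layout with placeholder host/app names; not real SEDR output.
SAMPLE_EVENTS = [
    b"<14>1 2024-01-01T00:00:00Z edr-appliance SEDR - - - constructed test event A",
    b"<11>1 2024-01-01T00:00:01Z edr-appliance SEDR - - - constructed test event B",
]


def loopback_check() -> List[SyslogMessage]:
    """Offline self-test: send one frame in each framing over loopback and parse them back."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port so the check never collides with a real listener
    srv.listen(1)
    srv.settimeout(5.0)
    port = srv.getsockname()[1]

    def sender() -> None:
        with socket.create_connection(("127.0.0.1", port)) as c:
            c.sendall(b"%d " % len(SAMPLE_EVENTS[0]) + SAMPLE_EVENTS[0])  # octet counted
            c.sendall(SAMPLE_EVENTS[1] + b"\n")                          # LF terminated

    t = threading.Thread(target=sender)
    t.start()
    try:
        conn, _ = srv.accept()
        with conn:
            messages = read_connection(conn)
    finally:
        t.join()
        srv.close()
    return messages


if __name__ == "__main__":
    for msg in loopback_check():
        print(f"facility={msg.facility} severity={msg.severity} {msg.body}")
```

Run it as-is to confirm the parser on the loopback samples, then call `receive_once(<port from step 5>)` on the syslog server host while the appliance forwards a test event; if the call times out, check the firewall path and the appliance's protocol selection before looking at the SIEM parser. Facility 1 / severity 6 corresponds to `<14>`, so a feed that arrives with unexpected PRI values is usually a sign that the wrong Syslog Type was chosen.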

Starting with Symantec EDR 4.12, the ICDx option is removed from the SEDR appliance console Settings > Data Sharing > Event and Incident Forwarding page. You can no longer configure new hosts for Symantec Integrated Cyber Defense Exchange (ICDx) in SEDR 4.12. For more information, see What's New in Symantec Endpoint Detection and Response 4.12.

Additional Information

Access the following link to learn more about mapping Symantec EDR events.
Mapping of SEDR Events type_id to SYSLOG since version 4.8