Does ATP/SEDR Platform support correlating logs or events from SEP for Linux?
Article ID: 178967
Advanced Threat Protection Platform, Endpoint Detection and Response
Does Advanced Threat Protection (ATP) Platform support correlating logs or events from SEP for Linux?
The Management Server or All-In-One component of Advanced Threat Protection (ATP) Platform will display events from the Real-Time Auto-Protect feature of SEP for Linux. ATP Platform 3.0 and newer can display any such events that appear in the SEP Manager.
Currently, the supported functionality depends on the development of the SEP for Linux client. The known functionality limitations are as follows:
No recording capabilities
No searching capabilities
No action capabilities (Isolate, Get File, Delete File, etc.); this capability also needs to be extended to CSA
Artifact collection is not the same (it will vary depending on the OS, but it should be aligned as closely as possible)
Reference ID: 3976189
Reference ID: 4074453