Does ATP/SEDR Platform support correlating logs or events from SEP for Linux?
Article ID: 178967
Products: Advanced Threat Protection Platform, Endpoint Detection and Response
Issue/Introduction
Does Advanced Threat Protection (ATP) Platform support correlating logs or events from SEP for Linux?
Resolution
The Management Server or All-In-One component of Advanced Threat Protection (ATP) Platform displays events generated by the Real-Time Auto-Protect feature of SEP for Linux. ATP Platform 3.0 and newer can display any such events that appear in the SEP Manager.
The functionality currently available depends on the development state of the SEP for Linux client. The known functionality limitations are as follows:
On-Prem:
No recording capabilities
No action capabilities (Isolate, Get File, Delete File, etc.)
No searching capabilities
Cloud:
No action capabilities (Isolate, Get File, Delete File, etc.); this capability also needs to be extended to CSA
Artifact collection differs from other platforms (it varies by OS, but should be aligned as closely as possible)
Additional Information
Reference ID: 3976189
Reference ID: 4074453