Does ATP/SEDR Platform support correlating logs or events from SEP for Linux?

Article ID: 178967

Products

Advanced Threat Protection Platform
Endpoint Detection and Response

Issue/Introduction

Does Advanced Threat Protection (ATP) Platform support correlating logs or events from SEP for Linux?

Resolution

The Management Server or All-In-One component of Advanced Threat Protection (ATP) Platform displays events generated by the Real-Time Auto-Protect feature of SEP for Linux. ATP Platform 3.0 and newer can display any such event that the SEP for Linux client reports to Symantec Endpoint Protection Manager (SEPM).

This functionality is currently dependent on the development of the SEP for Linux client, and the following limitations are known:

On-Prem:
  • No recording capabilities
  • No action capabilities (Isolate, Get File, Delete File, etc.)
  • No searching capabilities

Cloud:
  • No action capabilities (Isolate, Get File, Delete File, etc.); this capability also needs to be extended to CSA
  • Artifact collection differs from other platforms (the artifacts collected vary by operating system; the intent is to align them as closely as possible)

Additional Information

Reference ID: 3976189
Reference ID: 4074453