Q: Does Symantec Endpoint Detection and Response (SEDR) 4.x or Advanced Threat Protection (ATP) Platform 3.2 support correlating logs or events from Symantec Endpoint Protection (SEP) for Mac?
A: Symantec Quality Assurance has not certified ATP Platform with log entries from the Real-Time Auto-Protect feature of SEP for Mac.
In a customer production environment, Symantec Technical Support observed ATP displaying events from SEP for Mac clients within the Events data relayed from SEPM to ATP.
Currently, known functionality is dependent upon development of the SEP for Mac client. Known functionality is as follows:
On-Prem:
No recording capabilities
No action capabilities (Isolate, Get File, Delete File, etc.)
No searching capabilities
Cloud:
No action capabilities (Isolate, Get File, Delete File, etc.) (Need to also expand this capability to CSA)
Artifact collection is not the same (will vary depending on OS, but we should align as closely as possible)
For more information regarding the roadmap of SEP for Mac, please contact Sales.