Administrators need a method to forward logs from the Symantec Endpoint Security console in the Cloud.
Symantec Endpoint Security (SES) in the Cloud.
Contemporary models for forensic investigations and troubleshooting require access to high-quality log data, including security event and incident management tool sets. Where the on-premise product provided a method for administrators to offload logs from the on-premise console, administrators using the Cloud equivalent console need a method for offloading similar log data.
Administrators of an SES environment can offload log data using the 'Event Export' option of the Security Cloud API.
Please reference https://apidocs.securitycloud.symantec.com/#/doc?id=ses_event_export
Support recommends using a reputable JSON events testing tool, such as Postman, when testing APIs.