
Download Splunk Integrations
Symantec’s integration via Splunk Apps provides a clear dashboard for security operations, allowing rapid investigation of advanced persistent threats. Symantec for Splunk Apps are currently available for: Endpoint Detection & Response (EDR), Cloud SWG (previously WSS), Web Application Firewall (WAF), ProxySG, Email Security.cloud.
The apps were tested on Splunk Enterprise 6.5.0 or later.
Please note: The Splunk Apps below are freely downloadable and editable. As such, they are unsupported by Symantec and are provided to assist with Splunk integration efforts.

Download Siemplify Integrations
The Siemplify SOAR and Symantec Endpoint Security Complete integration automatically enriches real-time threat intelligence, providing security teams with contextualized and prioritized insights into endpoints. Go here to download the Symantec Threat Intelligence API now.

Download ThreatQ Integrations
Go here for the ThreatQuotient Marketplace downloads of the Symantec Threat Intelligence API, allowing organizations to use the Symantec ecosystem to enrich indicators from within ThreatQ and determine the prevalence of files and network-related events. The following actions are supported:
• File Insight
• Network Insight
• File Relations
• Network Relations
• File Protection
• Network Protection
Download Anomali Integrations
Anomali and Symantec, a division of Broadcom Software, created numerous data enrichments that return any and all information related to a particular entity from the Symantec Threat Intelligence API. This enables security teams to quickly identify risk, investigate responses and preemptively mitigate cyber threats ahead of any actual attacks. Supported data types and enrichments:
• SHA file hash: file insight, file protection, file related, file process chain
• Domain or IPv4: network insight, network protection, network related
Log in to the Anomali platform and enter your API key to activate the enrichment.

Download IBM Security Integrations
- Symantec's ICDm integration via QRadar makes use of the QRadar-provided Universal Cloud REST API protocol for the ingestion of Endpoint events, incidents, and incident-related events.
- Symantec's ICDm Event Stream - Data Bucket integration via QRadar makes use of the Amazon AWS S3 REST API protocol Log Source configuration for the ingestion of ICDm events from S3 buckets.
- Symantec's EDR Appliance Events Integration via QRadar makes use of the Syslog protocol Log Source configuration for the ingestion of EDR events. (Supported on the EDR Appliance version 4.8 and later.)
This integration also includes the Device Support Module (DSM) for QRadar to interpret the ingested event data.
Events ingestion was tested on QRadar 7.3.3 Fix Pack 6 and later.

Download Citrix Integrations
Reduce the risk of data loss on your Citrix XenDesktop and Citrix XenApp / Application Server. Being certified Citrix Ready, Symantec DLP gives you the peace of mind that comes with operating a verified compatible solution. With Symantec DLP installed on Citrix XenApp or Citrix XenDesktop, you can discover, monitor and protect sensitive and confidential data sent to a Citrix client computer.
For more information about this integration, read our technical documentation.