Symantec Endpoint Protection

[jamiehynds]

Description

Symantec Endpoint Protection is a security software suite that includes intrusion prevention, firewall, and anti-malware features. Endpoint Protection also has some features typical of data loss prevention software. It is typically installed on a server running Windows, Linux, or macOS.

Architecture

Exporting to syslog or a log file are supported - documentation available here.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.

All changes

• [x] Change follows the contributing guidelines
• [ ] Supported versions of the monitoring target are documented
• [ ] Supported operating systems are documented (if applicable)
• [x] Integration or System tests exist
• [x] Documentation exists
• [x] Fields follow ECS and naming conventions
• [x] At least a manual test with ES / Kibana / Agent has been performed.
• [ ] Required Kibana version set to:

New Package

• [x] Screenshot of the "Add Integration" page on Fleet added

Dashboards changes

• [x] Dashboards exists
• [x] Screenshots added or updated
• [x] Datastream filters added to visualizations

Log dataset changes

• [x] Pipeline tests exist (if applicable)
• [x] Generated output for at least 1 log file exists
• [x] Sample event (sample_event.json) exists

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)