Open jamiehynds opened 1 year ago
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
A symantec_edr_cloud integration shipped with the incidents data stream calling the /v1/incidents API in #8267. Future work will add an additional data stream calling the /v1/event-export/stream/{stream_guid}/{channel_id} Event Stream API.
@ebeahan this is something actively being worked on by @piyush-elastic and team.
@jamiehynds got it - I missed https://github.com/elastic/integrations/issues/8972.
Description
Symantec EDR exposes advanced attacks with precision machine learning and global threat intelligence minimizing false positives and helps ensure high levels of productivity for security teams. Symantec EDR capabilities allow incident responders to quickly search, identify and contain all impacted endpoints while investigating threats using a choice of on-premises and cloud-based sandboxing. Also, Symantec EDR enhances investigator productivity with automated investigation playbooks and user behavior analytics that brings the skills and best practices of the most experienced security analysts to any organization.
Architecture
Symantec provides an API to pull incidents, events and audit events. Pushing data to object storage such as S3, Azure Blob and GCS buckets is also supported.
Integration release checklist
This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.
- All changes
- New Package
- Dashboards changes
- Log dataset changes
- sample_event.json exists