Logsign Symantec Advanced Threat Protection (ATP) Integration

15.07.2018

Logsign is seamlessly integrated with Symantec Advanced Threat Protection (ATP). Let's see how. The types of events detected by Symantec Advanced Threat Protection are:

  • Reputation Lookup (Insight, Mobile Insight)
  • Endpoint File Detection
  • Endpoint (IP/URL/Domain) Detection
  • Symantec Online Network for Advanced Response (SONAR) Detection
  • Vantage network intrusion prevention (IPS/NDC)
  • Hybrid Sandboxing

1. Reputation Lookup

The files reported by ATP to the Symantec Insight or Symantec Mobile Insight reputation services, and the users involved, can be monitored in real time by building a dashboard and report on Logsign.

Figure 1: Monitoring Logsign File Reputation events.

2. Endpoint File Detections

Events generated when ATP detects a suspicious file on an endpoint can be monitored in real time from the dashboard and report on Logsign.

Figure 2: Suspicious files and their threats detected on Endpoint.

3. Endpoint (IP/URL/Domain) Detection

Events generated when ATP detects a suspicious IP, URL or domain on an endpoint can be monitored in real time from the dashboard and report on Logsign.

4. SONAR Detection

Threats detected by Symantec Online Network for Advanced Response (SONAR) can be monitored in real time from the dashboard and report on Logsign.

5. Intrusion Prevention System (IPS)

When the Symantec Intrusion Prevention System detects a possible malicious signature, these events can be monitored in real time from the dashboard and report on Logsign.

6. System Events

Errors on the ATP database can also be monitored in real time from the dashboard and report on Logsign.