Logsign Symantec Advanced Threat Protection (ATP) Integration

Logsign is integrated with Symantec Advanced Threat Protection (ATP). Let's see how. The types of events detected by Symantec Advanced Threat Protection are:

  • Reputation Lookup (Insight, Mobile Insight)
  • Endpoint File Detection
  • Endpoint (IP/URL/Domain) Detection
  • Symantec Online Network for Advanced Response (SONAR) Detection
  • Vantage network intrusion prevention (IPS/NDC)
  • Hybrid Sandboxing

1. Reputation Lookup

The files that ATP and users report to the Symantec Insight or Symantec Mobile Insight reputation services can be monitored in real time by building dashboards and reports in Logsign.

Figure 1: Monitoring File Reputation events in Logsign.

2. Endpoint File Detections

Events generated when ATP detects a suspicious file on an endpoint can be monitored in real time from the dashboard and report in Logsign.

Figure 2: Suspicious files and their threats detected on the endpoint.

3. Endpoint (IP/URL/Domain) Detection

Events generated when ATP detects a suspicious IP address, URL, or domain on an endpoint can be monitored in real time from the dashboard and report in Logsign.

4. SONAR Detection

Threats detected by Symantec Online Network for Advanced Response (SONAR) can be monitored in real time from the dashboard and report in Logsign.

5. Intrusion Prevention System (IPS)

When the Symantec Intrusion Prevention System detects a possible malicious signature, these events can be monitored in real time from the dashboard and report in Logsign.

6. System Events

Errors on the ATP database can also be monitored in real time from the dashboard and report in Logsign.