Overview

This article explains how to integrate your Symantec data into Hunters.

Integrating Symantec data into Hunters lets you explore and analyze the data, and investigate the alerts generated by the product, in the Hunters portal.

Supported Data Types

  • Symantec Endpoint Protection IDS Events - intrusion detection (IDS) events reported by Symantec Endpoint Protection.

  • Symantec Endpoint Protection Risk Events - security risk (detection and remediation) events reported by Symantec Endpoint Protection.

Data Samples

Sample - Symantec Endpoint Protection IDS Events

2021-09-25 04:05:25,Info,HOSTNAME,Event Description: [SID: 123456] Audit: TeamViewer Remote Access Activity attack detected but not blocked. Application path: C:\PROGRAM FILES (X86)\TEAMVIEWER\TEAMVIEWER_SERVICE.EXE,Local Host IP: 192.168.1.2,Local Host MAC: 000000000000,Remote Host Name: ,Remote Host IP: 8.8.8.8,Remote Host MAC: 000000000000,Outbound,TCP,,Begin: 2021-09-25 04:05:14,End Time: 2021-09-25 04:05:14,Occurrences: 1,Application: C:/PROGRAM FILES (X86)/TEAMVIEWER/TEAMVIEWER_SERVICE.EXE,Location: External,User Name: none,Domain Name: ,Local Port: 50505,Remote Port: 5938,CIDS Signature ID: 12345,CIDS Signature string: Audit: TeamViewer Remote Access Activity,CIDS Signature SubID: 98765,Intrusion URL: ,Intrusion Payload URL: ,SHA-256: ,MD-5:

Sample - Symantec Endpoint Protection Risk Events

2021-09-25 08:55:33,Security risk found,IP Address: 192.168.1.2,Computer name: HOSTNAME,Source: Auto-Protect scan,Risk name: SecurityRisk.gen1,Occurrences: 1,File path: C:\TEMP\youtube-to-mp3-converter_72.exe,Description: ,Actual action: Deleted,Requested action: Deleted,Secondary action: Quarantined,Event time: 2021-09-25 08:51:48,Event Insert Time: 2021-09-25 08:55:32,End Time: 2021-09-25 08:53:13,Last update time: 2021-09-25 08:55:33,Domain Name: NA,Group Name: My Company\TEMP\Workstations,Server Name: HOSTNAME,User Name: SYSTEM,Source Computer Name: ,Source Computer IP: ,Disposition: Bad,Download site: ,Web domain: ,Downloaded by: Removable Files Portal,Prevalence: This file has been seen by thousands of Symantec users.,Confidence: There is strong evidence that this file is untrustworthy.,URL Tracking Status: On,First Seen: Symantec has known about this file for more than 1 year.,Sensitivity: ,Permitted application reason: Not on the permitted application list,Application hash: ,Hash type: SHA2,Company name: Sevas-S,Application name: YouTube to MP3 Converter,Application version: 1.2.0.412,Application type: 127,File size (bytes): 511848,Category set: Security risk,Category type: Security Risk,Location: External_SWG_ON,Intensive Protection Level: 0,Certificate issuer: Sevas-S LLC,Certificate signer: VeriSign Class 3 Code Signing 2010 CA,Certificate thumbprint: ,Signing timestamp: 1340789793,Certificate serial number:
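Both samples above share one layout: a leading timestamp, a few unnamed comma-separated tokens, and then "Key: value" fields whose values may themselves contain colons (times, Windows paths, the "[SID: n]" tag) and may be empty ("SHA-256: ", "Certificate serial number:"). The parser below is an added example, not Hunters or Symantec code; the two embedded lines are shortened versions of the page's samples, and the output field names and the positional layout (severity, host, direction, protocol) are assumptions inferred from them.

```python
import re

# Constructed sample lines, shortened from the two samples on this page.
IDS_SAMPLE = (
    "2021-09-25 04:05:25,Info,HOSTNAME,Event Description: [SID: 123456] Audit: TeamViewer Remote "
    r"Access Activity attack detected but not blocked. Application path: C:\TEAMVIEWER\TEAMVIEWER_SERVICE.EXE,"
    "Local Host IP: 192.168.1.2,Remote Host Name: ,Remote Host IP: 8.8.8.8,Outbound,TCP,,"
    "Local Port: 50505,Remote Port: 5938,CIDS Signature ID: 12345,"
    "CIDS Signature string: Audit: TeamViewer Remote Access Activity,SHA-256: ,MD-5:"
)
RISK_SAMPLE = (
    "2021-09-25 08:55:33,Security risk found,IP Address: 192.168.1.2,Computer name: HOSTNAME,"
    r"Risk name: SecurityRisk.gen1,File path: C:\TEMP\youtube-to-mp3-converter_72.exe,Description: ,"
    "Actual action: Deleted,User Name: SYSTEM,Disposition: Bad,Certificate serial number:"
)

# A key runs up to the first colon; the value after it may itself contain colons (times, paths, '[SID: n]').
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 ()\-]*):\s?(.*)$")

def parse_sep_line(line: str) -> dict:
    """Split one SEP line into timestamp, unnamed positional tokens and 'Key: value' fields.
    Caveat: the format has no quoting, so a comma inside a value would be split as a new token."""
    tokens = line.split(",")
    fields, positional = {}, []
    for tok in tokens[1:]:  # tokens[0] is the event timestamp, which contains colons itself
        m = FIELD_RE.match(tok)
        if m:
            fields[m.group(1)] = m.group(2).strip()  # 'MD-5:' and 'SHA-256: ' both become ''
        else:
            positional.append(tok)  # e.g. 'Info', 'HOSTNAME', 'Outbound', 'TCP', ''
    return {"timestamp": tokens[0], "positional": positional, "fields": fields}

def normalize(line: str) -> dict:
    """Flatten either event type into a record; the chosen output names are this example's own."""
    ev = parse_sep_line(line)
    kv, pos = ev["fields"], ev["positional"]
    rec = {"event_time": ev["timestamp"], "type": "unknown"}
    if "CIDS Signature ID" in kv:  # IDS event
        sid = re.search(r"\[SID: (\d+)\]", kv.get("Event Description", ""))
        rec.update(type="ids", host=pos[1] if len(pos) > 1 else "",  # positional layout inferred from the sample
                   sid=sid.group(1) if sid else "", signature_id=kv["CIDS Signature ID"],
                   signature=kv.get("CIDS Signature string", ""),
                   src=f"{kv.get('Local Host IP', '')}:{kv.get('Local Port', '')}",
                   dst=f"{kv.get('Remote Host IP', '')}:{kv.get('Remote Port', '')}")
    elif "Risk name" in kv:  # Risk event
        rec.update(type="risk", host=kv.get("Computer name", ""), risk=kv["Risk name"],
                   path=kv.get("File path", ""), action=kv.get("Actual action", ""),
                   disposition=kv.get("Disposition", ""), user=kv.get("User Name", ""))
    return rec
```

A line with a comma inside a value (for example a file path containing one) will misparse, since SEP does not quote values; check `positional` for unexpected tokens when validating an ingestion pipeline.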