Logsign Symantec Advanced Threat Protection (ATP) Integration

Logsign is seamlessly integrated with Symantec Advanced Threat Protection (ATP). Let’s see how.

Types of events detected by Symantec Advanced Threat Protection:

  • Reputation Lookup (Insight, Mobile Insight)
  • Endpoint File Detection
  • Endpoint (IP/URL/Domain) Detection
  • Symantec Online Network for Advanced Response (SONAR) Detection
  • Vantage network intrusion prevention (IPS/NDC)
  • Hybrid Sandboxing

1. Reputation Lookup

Files reported to the Symantec Insight or Symantec Mobile Insight reputation services by ATP and by users can be monitored in real time by building dashboards and reports on Logsign.

Figure 1: Monitoring Logsign File Reputation events.

2. Endpoint File Detections

Events generated when ATP detects a suspicious file on an endpoint can be monitored in real time from Logsign dashboards and reports.

Figure 2: Suspicious files and their threats detected on Endpoint.

3. Endpoint (IP/URL/Domain) Detection

Events generated when ATP detects a suspicious IP/URL/Domain on an endpoint can be monitored in real time from Logsign dashboards and reports.

Figure 3: Suspicious IP/URL/Domain detected on Endpoint and action taken by ATP.

4. SONAR Detection

Threats detected by Symantec Online Network for Advanced Response (SONAR) can be monitored in real time from Logsign dashboards and reports.

Figure 4: Threats perceived by SONAR and their IP addresses

5. Intrusion Prevention System (IPS)

When the Symantec Intrusion Prevention System detects possibly malicious signatures, these events can be monitored in real time from Logsign dashboards and reports.

Figure 5: Threats detected by IPS and their related IP addresses

6. System Events

Errors in the ATP database can also be monitored in real time from Logsign dashboards and reports.

 
