Logsign Symantec Advanced Threat Protection (ATP) Integration

Logsign is seamlessly integrated with Symantec Advanced Threat Protection (ATP). Let’s see how.

Types of events detected by Symantec Advanced Threat Protection:

  • Reputation Lookup (Insight, Mobile Insight)
  • Endpoint File Detection
  • Endpoint (IP/URL/Domain) Detection
  • Symantec Online Network for Advanced Response (SONAR) Detection
  • Vantage network intrusion prevention (IPS/NDC)
  • Hybrid Sandboxing

1. Reputation Lookup

Files that ATP and users report to the Symantec Insight or Symantec Mobile Insight reputation services can be monitored in real time through dashboards and reports on Logsign.

Figure 1: Monitoring Logsign File Reputation events.

2. Endpoint File Detections

Events generated when ATP detects a suspicious file on an endpoint can be monitored in real time from dashboards and reports on Logsign.

Figure 2: Suspicious files and their threats detected on Endpoint.

3. Endpoint (IP/URL/Domain) Detection

Events generated when ATP detects a suspicious IP, URL, or domain on an endpoint can be monitored in real time from dashboards and reports on Logsign.

Figure 3: Suspicious IP/URL/Domain detected on Endpoint and action taken by ATP.

4. SONAR Detection

Threats detected by Symantec Online Network for Advanced Response (SONAR) can be monitored in real time from dashboards and reports on Logsign.

Figure 4: Threats perceived by SONAR and their IP addresses

5. Intrusion Prevention System (IPS)

When the Symantec Intrusion Prevention System detects possible malicious signatures, these events can be monitored in real time from dashboards and reports on Logsign.

Figure 5: Threats detected by IPS and their related IP addresses

6. System Events

Errors in the ATP database can also be monitored in real time from dashboards and reports on Logsign.

 
