You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>DeploymentGuide>PluginManagement>ConfigureLogForwardingOnCommonlyUsedDataSources>SymantecATP (25 Jun 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next

Sheriff CSMâ„¢

Symantec ATP

When you configure Symantec ATP to send log data to Sheriff CSM, you can use the Symantec-atp plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information
DeviceDetails
Vendor Symantec
Device Type EndPoint Security
Connection Type Syslog
Data Source Name Symantec ATP
Data Source ID 1871

Integrating Symantec ATP

Before you configure the Symantec ATP integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure Symantec ATP to send log data to the Sheriff CSM Sensor
  1. From the ATP Manager, select Settings > CSMs, then click Edit - Default CSM Settings.

  2. In the Syslog panel, click +Add Syslog Server.

  3. In the Add Syslog Server dialog box:

    • In the Host field, enter the IP address of the Sheriff CSM Sensor.
    • In the Protocol field, select UDP.
    • In the Port field, enter 514.

  4. Click Save.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

http://help.symantec.com/api/productGroups/SATP_P_QA/products/ATP_P/pdfcontents/v106663531_v113989298/title

Symantec Advanced Threat Protection Platform Administration Guide

For troubleshooting, refer to the vendor documentation:

https://support.symantec.com/en_US/article.DOC9155.html

https://www.symantec.com/connect/topics/how/troubleshooting
Edit  | Attach | Print version | History: r6 < r5 < r4 < r3 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r6 - 25 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.