Is there any action/outcome field in the SEP Mobile syslog message, be it malware logs, unwanted apps, network threats, etc.?
We do get something like incident_opened, incident_reopened and incident_closed. Do these statuses have anything to do with the outcome, like prevented or blocked, or is there any other field that provides that info?
I looked in the product doc below, but it seems like the logs are for detections only and no remediation is possible.
Common Event Format (CEF) integration based on security incidents (Broadcom)
Symantec Endpoint Protection Mobile supports standard syslog integration using the CEF format. Events are sent via the SIEM integration when a new security incident is opened, closed, or re-opened. You can validate that your corporate network is properly configured to enable the integration with Symantec Endpoint Protection Mobile.
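One way to settle the question above for any CEF feed is to parse a capture of it and check whether any record ever carries the two standard CEF dictionary keys that express a disposition: `act` (deviceAction) and `outcome`. The following Python is an added example, not code from the original post, from Broadcom, or from the SEP Mobile product. It implements a small CEF parser (pipe-delimited header with `\|` and `\\` escapes, space-separated `key=value` extension with `\=`, `\\`, `\n`, `\r` escapes) and an audit that lists events with no action/outcome key. The sample lines are constructed for illustration only: the vendor and product names are placeholders, and the choice to carry `incident_opened` / `incident_closed` in the Name header field is an assumption, not the documented SEP Mobile layout.

```python
import re
from dataclasses import dataclass

# Header fields of a CEF record, in wire order:
# CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")

# Standard CEF extension keys that carry a disposition: "act" (deviceAction)
# and "outcome". A feed that never emits either is reporting detections only.
DISPOSITION_KEYS = ("act", "outcome")

# A key starts at the beginning of the extension or after whitespace and is
# followed by an unescaped "=" (an escaped "\=" is preceded by "\", not a key char).
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")


@dataclass
class CefEvent:
    header: dict
    extension: dict


def _split_header(line: str):
    """Split the seven pipe-delimited header fields, honouring \\| and \\\\ escapes.
    Returns (fields, extension_text)."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    fields, buf, i = [], [], len("CEF:")
    while i < len(line) and len(fields) < len(HEADER_FIELDS):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # escaped character: take it literally
            buf.append(line[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(fields) < len(HEADER_FIELDS):       # record ended without a trailing pipe
        fields.append("".join(buf))
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError("CEF header has %d fields, expected %d"
                         % (len(fields), len(HEADER_FIELDS)))
    return fields, line[i:]


def _unescape_ext(value: str) -> str:
    # Extension value escapes defined by CEF: \= \\ \n \r
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def _parse_extension(ext: str) -> dict:
    """Each value runs from its key's "=" up to the whitespace before the next key."""
    pairs = {}
    keys = list(_KEY_RE.finditer(ext))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        pairs[m.group(1)] = _unescape_ext(ext[m.end():end].rstrip())
    return pairs


def parse_cef(line: str) -> CefEvent:
    fields, ext = _split_header(line.rstrip("\r\n"))
    return CefEvent(dict(zip(HEADER_FIELDS, fields)), _parse_extension(ext.strip()))


def disposition(event: CefEvent) -> dict:
    """The act/outcome keys present on the event, or {} if it has none."""
    return {k: event.extension[k] for k in DISPOSITION_KEYS if k in event.extension}


def detections_only(lines) -> list:
    """Names of events that carry no action/outcome key at all."""
    return [e.header["name"] for e in map(parse_cef, lines) if not disposition(e)]


# Constructed sample records (placeholder vendor/product; not real SEP Mobile output).
SAMPLE_LINES = [
    # Assumed: incident status carried in the Name field; no act/outcome key present.
    "CEF:0|ExampleVendor|ExampleMobileProduct|1.0|100|incident_opened|8|"
    "rt=1700000000000 suser=alice@example.com cs1Label=incidentType cs1=malware "
    "msg=Suspicious app installed",
    "CEF:0|ExampleVendor|ExampleMobileProduct|1.0|100|incident_closed|3|"
    "rt=1700000100000 suser=alice@example.com cs1Label=incidentType cs1=malware",
    # What a record WITH a disposition looks like, using the standard act/outcome keys;
    # also exercises an escaped pipe in Name and an escaped "=" in msg.
    "CEF:0|ExampleVendor|ExampleMobileProduct|1.0|200|network threat \\| rogue AP|7|"
    "act=blocked outcome=success msg=SSID\\=Free WiFi dst=10.0.0.1",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        ev = parse_cef(line)
        print(ev.header["name"], "->", disposition(ev) or "no action/outcome field")
```

Point `detections_only` at a real capture of the syslog feed (one CEF record per line) rather than the constructed samples: if every record comes back in the list, the feed is carrying incident lifecycle state only and the question of prevented versus blocked has to be answered from another source.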