Advanced Threat Protection

  • 1.  Investigation playbook (EDR >=4.0)

    Posted May 26, 2020 10:05 AM
    Dear all,

    Is the Investigation playbook only available with the Cloud console?
    https://help.symantec.com/cs/SYMANTECEDR_4.0/EDR/v129893627_v128933990/About-investigation-playbooks?locale=EN_US

    If we have a local ATP management console, can we still use the Investigation playbook?
    If we use SEP 14.2 and a local ATP management console, do we need an additional license to use the Cloud console?

    Thanks.
    Best regards
    Jonathan


  • 2.  RE: Investigation playbook (EDR >=4.0)

    Broadcom Employee
    Posted May 27, 2020 01:44 PM
    Once you integrate the appliance into the SEDR Cloud webpage, the Playbooks can gather the EAR events on the appliance. There is a category of Playbooks called EDR Appliance Search, which are the Playbooks that are designed to search those event types.



    ------------------------------
    Strategic Support Engineer
    Broadcom
    ------------------------------



  • 3.  RE: Investigation playbook (EDR >=4.0)

    Posted May 29, 2020 10:03 AM
    Thanks Davis.
    Does it mean that with the SEP with EDR license (on-premises), we can create a cloud console, then register the ATP appliance into the cloud console, and we will find the investigation playbooks?


    ------------------------------
    Jardine OneSolution (HK) Limited
    ------------------------------



  • 4.  RE: Investigation playbook (EDR >=4.0)

    Broadcom Employee
    Posted May 29, 2020 11:59 AM
    Not any longer; the SEDR Cloud website has been deprecated and will be completely shut down in October.

    ------------------------------
    Strategic Support Engineer
    Broadcom
    ------------------------------