ICDx


Is there a specific collector for SESC (Symantec Endpoint Security Complete)?

  • 1.  Is there a specific collector for SESC (Symantec Endpoint Security Complete)?

    Posted Jul 29, 2022 04:14 PM
    I've just set up an ICDx 1.4.5-930 server with the purpose of collecting logs from our SESC subscription and redirecting them to our SIEM solution. Although there are indeed some SESC-related files in the ICDx installation folder, I'm unable to find a specific configuration entry for an SESC collector in my ICDx portal.

    Will it be enabled in a near update? While it's not available, should I use the current ICDm / ICDm-EDR-Incidents collectors?


  • 2.  RE: Is there a specific collector for SESC (Symantec Endpoint Security Complete)?

    Posted Jul 29, 2022 05:37 PM
    Assuming your SESC subscription is the cloud console setup, those are the ICDm and ICDm-EDR Incidents collectors. You add the Application API in the console, and provide the resulting details to the Collector. The ICDm is what the cloud console for SES Complete is called, so those are the correct collectors to use for ICDx.