
ICDx - Collectors and Forwarders

12-09-2019 01:13 PM


Symantec’s Integrated Cyber Defense (ICD) Platform unifies products, services and partners to drive down the cost and complexity of cyber security, while protecting enterprises against sophisticated threats. ICD combines information protection, threat protection, identity management, compliance and other advanced services, powered by shared intelligence and automation across endpoints, networks, applications, and clouds.


Collectors and Forwarders

Collector and Forwarder Support matrix for ICDx
https://support.symantec.com/us/en/article.tech252892.html
TECH252892

DLP

The DLP Incident Data Views article is an excellent explanation of how data is related in DLP; it is useful even if you don't use ICDx.

Preparing to configure Symantec Data Loss Prevention collectors
https://support.symantec.com/us/en/article.HOWTO129892.html
HOWTO129892

SEP

etc


Comments

12-16-2019 12:26 PM

Hi Alex, yes, there are events being collected, and we can also see those fields in the SQL DB. The ICDx schema also seems to show that user_name and device_name should be exposed. In the ICDx search window, I can also see data and events with information, but the "Device Name" and "Device IP Address" columns are empty.

12-14-2019 01:40 AM

Are any events from DLP being collected?

Is it just certain incident types that aren't showing those fields?

If you run the SQL provided against the DLP DB, do those fields have data populated?

Configuring Symantec Data Loss Prevention collectors
https://help.symantec.com/cs/ICDX_1.3.1/ICDX/v126919648_v133313422/Configuring-Symantec-Data-Loss-Prevention-collectors?locale=EN_US

12-13-2019 02:15 PM

Is there any in-depth look into the DLP collector? We have set up the DLP collector (and a JSON forwarder), but we seem to be missing information from the DLP collector. In particular, we were trying to find the user_name and device_name attributes, which should be available. However, our DLP collector does not seem to be pulling this information.

There are no filters or inclusions/exclusions at this point for our collectors.
