Advanced Threat Protection


NEW RELEASE: Symantec Advanced Threat Protection App Is Now On Splunk  

Feb 07, 2017 06:59 PM

Integration with Splunk

Symantec Advanced Threat Protection (ATP) customers who use Splunk as their SIEM can now take advantage of the free Symantec ATP app on Splunkbase, Splunk's app store. The app exports threat events from all ATP sensors to Splunk®. A default security dashboard gives ATP Splunk users an at-a-glance view of all threat events, and customers can also build and customize their own dashboards in Splunk using the threat data from Symantec ATP. They can drill down to any file hash related to a specific incident and run ad hoc queries in Splunk.

 

Customers with multiple Symantec ATP modules can also filter ATP events in the Splunk console by search field, for example by control point: endpoint, network, email, or roaming events. In addition, the Symantec ATP app uses the Adaptive Response framework in the Splunk Enterprise Security app, so incident responders can remediate threats and isolate compromised endpoints directly from the Splunk console. This integration provides visibility across multiple control points and automates incident response tasks.

The app is available for download on https://splunkbase.splunk.com/app/3453/

[Screenshot: Splunk 2_2_0.png]

 

Key feature enhancement in the latest release

  • Enhanced rules for incident creation - Customers can now easily identify incidents based on:
      1) Detection of a malicious file that has not been remediated at the endpoint
      2) Sandbox detection of any malicious file
      3) Communication with known malicious or command-and-control sites

  • Improved performance for ATP: Email - See email details and correlations immediately. Incidents and events are created without delay.

  • Improved detection of suspicious files - Symantec continuously fine-tunes its machine learning algorithm to improve identification of suspicious files.

  • Ability to submit and detect malware in RTF files via the Cynic sandbox - Customers can now submit RTF files for sandboxing, as RTF is a common document file type.
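To make the three incident-creation rules concrete, here is an added example (written for this page, not Symantec's or Splunk's code) that models them as predicates over exported events and folds the hits into one incident per device, with the related file hashes attached so a responder can pivot on them the way the Splunk app describes. The event records are constructed, and every field name (device_uid, control_point, disposition, remediated, verdict, dest_reputation) is an assumption standing in for whatever the real ATP export schema uses.

```python
"""Incident-creation rules modelled on the three in the ATP release note.

Example code written for this page; the event shape and field names are
assumptions, not Symantec ATP's actual export schema. Input is constructed.
"""
from collections import defaultdict

# Constructed sample of exported ATP events (assumed fields).
EVENTS = [
    {"device_uid": "host-01", "control_point": "endpoint", "type": "file_detection",
     "sha256": "a" * 64, "disposition": "malicious", "remediated": True},
    {"device_uid": "host-02", "control_point": "endpoint", "type": "file_detection",
     "sha256": "b" * 64, "disposition": "malicious", "remediated": False},
    {"device_uid": "host-02", "control_point": "network", "type": "connection",
     "dest": "c2.example.invalid", "dest_reputation": "command_and_control"},
    {"device_uid": "host-03", "control_point": "email", "type": "sandbox_verdict",
     "sha256": "c" * 64, "verdict": "malicious"},
    {"device_uid": "host-04", "control_point": "endpoint", "type": "file_detection",
     "sha256": "d" * 64, "disposition": "suspicious", "remediated": False},
    {"device_uid": "host-05", "control_point": "network", "type": "connection",
     "dest": "updates.example.invalid", "dest_reputation": "good"},
]


def rule_unremediated_malicious_file(ev):
    """Rule 1: a malicious file was detected on the endpoint but not remediated."""
    return (ev.get("type") == "file_detection"
            and ev.get("disposition") == "malicious"
            and not ev.get("remediated", False))


def rule_sandbox_malicious(ev):
    """Rule 2: any sandbox verdict of malicious."""
    return ev.get("type") == "sandbox_verdict" and ev.get("verdict") == "malicious"


def rule_c2_communication(ev):
    """Rule 3: a connection to a destination with known-bad or C2 reputation."""
    return (ev.get("type") == "connection"
            and ev.get("dest_reputation") in {"malicious", "command_and_control"})


RULES = {
    "unremediated_malicious_file": rule_unremediated_malicious_file,
    "sandbox_malicious": rule_sandbox_malicious,
    "c2_communication": rule_c2_communication,
}


def create_incidents(events):
    """Evaluate every rule against every event; fold hits into one incident per device.

    Returns a dict keyed by device_uid holding the rules that fired, the file
    hashes involved, the control points that saw activity and the raw events,
    so the same host tripping rule 1 and rule 3 yields a single incident.
    """
    incidents = defaultdict(lambda: {"rules": set(), "hashes": set(),
                                     "control_points": set(), "events": []})
    for ev in events:
        hits = [name for name, fn in RULES.items() if fn(ev)]
        if not hits:
            continue
        inc = incidents[ev["device_uid"]]
        inc["rules"].update(hits)
        inc["control_points"].add(ev.get("control_point"))
        if ev.get("sha256"):
            inc["hashes"].add(ev["sha256"])
        inc["events"].append(ev)
    return dict(incidents)


def filter_events(events, control_point):
    """Narrow exported events to one ATP module (endpoint, network or email)."""
    return [ev for ev in events if ev.get("control_point") == control_point]


if __name__ == "__main__":
    for device, inc in create_incidents(EVENTS).items():
        print(device, sorted(inc["rules"]), sorted(inc["control_points"]))
```

Note the two negatives in the sample: a malicious file that was already remediated (host-01) and a merely suspicious file (host-04) create no incident, which is the difference between rule 1 and a plain "any detection" alert.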

 

For more information, visit: http://atp.symantec.com

 

Resource:

Download ATP Datasheet: Splunk & ServiceNow Integration

Download ATP: Platform Datasheet

Symantec Advanced Threat Protection 2.3 Release Note
