File changed: docs/integrations/saas-cloud/symantec-endpoint-security-service.md (20 additions & 3 deletions)
@@ -227,11 +227,28 @@ import ViewDashboards from '../../reuse/apps/view-dashboards.md';
227
227
228
228
### Incidents Overview
229
229
230
-
The **Symantec Endpoint Security - Incidents Overview** dashboard provides a detailed view of endpoint incidents through various widgets. These widgets display data such as the total number of incidents, total count of open incidents, high severity incidents, high priority incidents, cynic detection, newly identified incidents, unknown incidents, incidents distribution by event type, severity, category, conclusion, detection type, state, priority, and suspected breach. Additionally, it includes incident resolution rates, incidents over time, average resolution time of incidents, sandbox detections over time, summaries of all incidents, unresolved incidents, and remediation specifics. This enables administrators to monitor and manage endpoint security effectively in real time, promptly identifying and addressing potential incidents.<br/><img src={useBaseUrl('https://sumologic-app-data-v2.s3.us-east-1.amazonaws.com/dashboards/Symantec+Endpoint+Security+Service/Symantec-Endpoint-Security-Incidents-Overview.png')} alt="Symantec-Endpoint-Security-Incidents-Overview" width="800"/>
230
+
Symantec Endpoint Security - Incidents Overview dashboard provides details on security incidents, their severity, priority, and current status across your endpoint environment.
231
+
232
+
Use this dashboard to:
233
+
* Quickly assess the overall security posture by viewing the number of total, open, high severity, and high priority incidents.
234
+
* Identify trends in incident types and categories to focus on areas requiring immediate attention or process improvements.
235
+
* Monitor incident resolution times and track the progress of open incidents to ensure timely response and remediation.
236
+
* Prioritze incidents by severity and priority to allocate resources effectively and address the most critical threats first.
237
+
* Analyze the distribution of incidents across different states and detection types to understand the lifecycle of security events in your environment.
The **Symantec Endpoint Security - Events Overview** The "Symantec Endpoint Security - Events Overview" dashboard provides a comprehensive view of endpoint security status through various widgets. These widgets display key data such as the total number of events, high-severity events, suspicious files, event distribution based on severity, category, event type, EDR event type, affected endpoints, top users linked to events, top malicious files, top SHA256 of files, top affected IPs, events over time, sandbox file detection events over time, and summaries of malicious files, events, hosts, threats, and incidents with the device. The dashboard also includes information on the geographic locations of affected endpoints and helps administrators monitor, manage, and respond to security threats in real-time. This enables businesses to secure endpoints and defend against various threats.<br/><img src={useBaseUrl('https://sumologic-app-data-v2.s3.us-east-1.amazonaws.com/dashboards/Symantec+Endpoint+Security+Service/Symantec-Endpoint-Security-Events-Overview.png')} alt="Symantec-Endpoint-Security-Events-Overview" width="800"/>
243
+
Symantec Endpoint Security - Events Overview dashboard provides details on security events, their severity, types, and geographical distribution across the protected endpoints.
244
+
245
+
Use this dashboard to:
246
+
* Quickly assess the overall security posture by viewing the total events, high severity events, and suspicious files counts at the top of the dashboard.
247
+
* Analyze event trends over time and identify peak periods of security incidents using the Events Over Time graph.
248
+
* Identify the most affected devices, allowing for targeted investigation and remediation of compromised assets.
249
+
* Visualize the geographical distribution of affected devices and event locations to detect potential regional attack patterns or vulnerabilities.
## Create monitors for Symantec Endpoint Security app
237
254
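Review bot: the added Incidents Overview bullet at new line 237 has a typo, `* Prioritze incidents by severity and priority ...` should read `* Prioritize incidents by severity and priority ...`. Two smaller points in the same hunk: the new intro sentences (new lines 230 and 243, `Symantec Endpoint Security - Incidents Overview dashboard provides ...`) drop the bold dashboard name that the removed paragraph used (`The **Symantec Endpoint Security - Incidents Overview** dashboard ...`), so either keep the bold for consistency with the rest of the page or drop it everywhere; and the `<img src={useBaseUrl(...)} ... width="800"/>` screenshot that closed the removed Incidents Overview paragraph (old line 229), and the matching one in the Events Overview paragraph, do not reappear among the added lines shown here, so confirm they survive in the collapsed lines 238-242 or re-add them after each "Use this dashboard to" list.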
@@ -243,7 +260,7 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md';
243
260
244
261
| Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition |
245
262
|:--|:--|:--|:--|
246
-
|`Embargoed Device`| This alert is triggered when a device is associated with multiple incidents. It helps you to monitor and stop potentially harmful devices, enhancing your ability to identify suspicious activity. | Critical | Count > 0 |
263
+
|`Devices With Multiple Incidents`| This alert is triggered when a device is associated with multiple incidents. It helps you to monitor and stop potentially harmful devices, enhancing your ability to identify suspicious activity. | Critical | Count > 0 |
247
264
|`File Execution in Suspicious Path`| This alert is triggered when some file activity happens from the suspicious file path. It helps you to monitor activity from unusual or suspicious file paths, enhancing your ability to identify suspicious activity. | Critical | Count > 0 |
248
265
|`High Priority or Severity Incidents Detected`| This alert is triggered when an incident is created with high priority or severity. It helps you to monitor and stop potentially harmful events that could compromise endpoint security. | Critical | Count > 0 |
249
266
|`High-Risk Threat Detected by Cynic`| This alert is triggered when a high-risk threat is detected by the cynic. It allows you to quickly identify endpoints with a high concentration of threat activity, enabling swift action to contain and remediate potential infections. | Critical | Count > 0 |
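Review bot: the rename from `Embargoed Device` to `Devices With Multiple Incidents` at line 263 changes only the name column; the description and the alert condition (`Count > 0`) are left as they were, so confirm the new name matches the monitor's name in the app's monitor definition exactly, since this table is what a reader searches when the monitor fires. It would also help to say in the description how many incidents count as "multiple", because `Count > 0` on its own does not tell the reader what threshold the monitor's query applies before a device qualifies.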