
Splunk Lantern

Symantec

Symantec, now largely a division of Broadcom, is a long-standing cybersecurity company known for its extensive portfolio of security software and services. The company provides solutions for endpoint security, information security, and identity and access management, helping organizations protect their data, infrastructure, and users from evolving cyber threats across various environments.

Before looking at documentation for specific data sources, review the Splunk Help information on general data ingestion for Splunk Enterprise, Splunk Cloud Platform or Splunk Observability Cloud.

Getting data in

Source Add-ons and Apps Guidance

Endpoint Protection

Symantec Endpoint Protection Manager (SEPM) log data provides insight into intrusion prevention, firewall, and anti-malware activity. SEPM analyzes all incoming and outgoing traffic and offers browser protection to block threats before they can execute on the computer. It uses signature-based antivirus and file heuristics to find and eradicate malware on a system, protecting against viruses, worms, Trojans, spyware, bots, adware, and rootkits.

SEPM logs fall into one of six categories: control, packet, risk, security, system, and traffic. All of these logs are applicable to client activity, and some are applicable to server and application activity as well. Other logs concern management of policies, access to hardware and applications, and roles on client computers that connect to your company's network. 

In the Common Information Model, SEPM log data can be mapped to any of the following data models, depending on the field: Authentication, Change, Intrusion Detection, Malware, and Network Traffic.

Splunk platform

Configuration 

Splunk Lantern Articles

DLP

Symantec Data Loss Prevention (DLP) helps organizations discover, monitor, and protect sensitive data across endpoints, networks, and cloud applications. It provides visibility into where sensitive data resides and how it is being used, and it prevents unauthorized access or exfiltration, supporting compliance with data privacy regulations.

Splunk platform

Splunk SOAR

Configuration

Blue Coat ProxySG

Symantec Blue Coat ProxySG (now Broadcom ProxySG) is a secure web gateway solution that provides advanced threat protection, content filtering, and application control for web traffic. It inspects, controls, and accelerates web communications, safeguarding users from web-borne threats and ensuring compliance with corporate policies.

Splunk platform

Configuration

Messaging Gateway

Symantec Messaging Gateway (SMG) is an email security solution that provides comprehensive protection against email-borne threats such as spam, viruses, malware, and phishing attacks. It offers advanced content filtering, data loss prevention, and email encryption capabilities to secure inbound and outbound email communications.

Splunk SOAR


Security Analytics

Symantec Security Analytics (now Broadcom Security Analytics) is a network security forensics and analytics platform that captures and analyzes full packet data to provide deep visibility into network traffic. It enables security teams to detect advanced threats, investigate security incidents, and perform retrospective analysis to understand the scope and impact of attacks.

Splunk SOAR