Symantec Endpoint Detection and Response (EDR)
  • 08 Mar 2022
  • 3 Minutes to read
  • Dark
    Light
  • PDF

Symantec Endpoint Detection and Response (EDR)

  • Dark
    Light
  • PDF

Article summary

Symantec Endpoint Detection and Response (EDR) detects, protects, and responds to threats to the organization's network.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Host Name or IP Address (required) - The hostname or IP address of the Symantec EDR server that Axonius can communicate with via the Required Ports.
  2. Client ID and Client Secret (required) - The credentials for a user account that has the Required Permissions to fetch assets.
  3. Verify SSL (required, default: False) - Verify the SSL certificate offered by the value supplied in Host Name or IP Address. For more details, see SSL Trust & CA Settings.
    • If enabled, the SSL certificate offered by the value supplied in Host Name or IP Address will be verified against the CA database inside of Axonius. If the SSL certificate can not be validated against the CA database inside of Axonius, the connection will fail with an error.
    • If disabled, the SSL certificate offered by the value supplied in Host Name or IP Address will not be verified against the CA database inside of Axonius.
  4. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Host Name or IP Address.
    • If supplied, Axonius will utilize the proxy when connecting to the value supplied in Host Name or IP Address.
    • If not supplied, Axonius will connect directly to the value supplied in Host Name or IP Address.
  5. HTTPS Proxy User Name (optional, default: empty) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
    • If supplied, Axonius will authenticate with this value when connecting to the value supplied in HTTPS Proxy.
    • If not supplied, Axonius will not perform authentication when connecting to the value supplied in HTTPS Proxy.
  6. HTTPS Proxy Password (optional, default: empty) - The password to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
    • If supplied, Axonius will authenticate with this value when connecting to the value supplied in HTTPS Proxy.
    • If not supplied, Axonius will not perform authentication when connecting to the value supplied in HTTPS Proxy.
  7. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

image.png

APIs

Axonius uses the Symantec EDR API Version 2.

Required Ports

Axonius must be able to communicate with the value supplied in Host Name or IP Address via the following ports:

  • TCP port 443.

Required Permissions

The value supplied in Client ID and Client Secret must by associated to a user that have read access to devices.
The user must have atp_view_entities permission (Included under User privileges).

To generate an OAuth client:

NOTE

You must have Admin rights to generate an OAuth client. Only users with the Admin role that created the OAuth client can view the Client ID and Client Secret. Other Admin roles can only view the Client ID.

  1. Do one of the following:
    • In the EDR cloud console, click Settings. Under Environment, select an appliance and then click Data Sharing.
    • In the EDR appliance console, click Settings > Data Sharing.
  2. In the OAuth Clients section, click Add Application.
  3. In the App Name field, type the name of the application that you want to register.
  4. Select the API version that you intend to use. The default setting is version 2.
  5. Select to enable version 2 APIs. A Role option appears. Click the drop-down menu and select the user role for the app.
  6. Click Generate. The client ID and client secret appear.

Was this article helpful?