
...

The tags beginning with endpoint.symantec identify log events generated by any Symantec Endpoint product.

Tag structure

The full tag must have four levels. The first two are fixed as endpoint.symantec. The third level identifies the technology type, and the fourth level is required and is determined by the log type.

These are the valid tags and corresponding data tables that will receive the parsers' data:

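| Product / Service | Tags | Data tables |
| --- | --- | --- |
| Symantec Endpoint Protection Manager | endpoint.symantec.sepm.agent_activity | endpoint.symantec.sepm.agent_activity |
| Symantec Endpoint Protection Manager | endpoint.symantec.sepm.agent_behavior | endpoint.symantec.sepm.agent_behavior |
| Symantec Endpoint Protection Manager | endpoint.symantec.sepm.agent_risk | endpoint.symantec.sepm.agent_risk |
| Symantec Endpoint Protection Manager | endpoint.symantec.sepm.agent_scan | endpoint.symantec.sepm.agent_scan |
| Symantec Endpoint Protection Manager | endpoint.symantec.sepm.agent_security | endpoint.symantec.sepm.agent_security |
| Symantec Endpoint Protection Manager | endpoint.symantec.sepm.agent_system | endpoint.symantec.sepm.agent_system |
| Symantec Endpoint Protection Manager | endpoint.symantec.sepm.agent_traffic | endpoint.symantec.sepm.agent_traffic |
| Symantec Endpoint Protection Manager | endpoint.symantec.sepm.others | endpoint.symantec.sepm.others |
| Symantec Endpoint Protection Manager | endpoint.symantec.sepm.system | endpoint.symantec.sepm.system |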

Once Symantec Endpoint Protection Manager events are delivered to Devo, they will be accessible from the finder in tables with the same names.

...