Symantec Endpoint Protection log monitoring with Log360

Overview

ManageEngine Log360 integrates with Symantec Endpoint Protection (SEP) to collect, parse, analyze, and archive endpoint security logs. This integration provides centralized visibility into antivirus events, policy changes, malware activity, and system protection status, and it strengthens your security posture, compliance efforts, and threat response capabilities.

How Log360 collects and analyzes Symantec logs

Log360 simplifies SEP log management by supporting automated log collection and turning raw events into actionable insights:

Collection method used:

  • Syslog forwarding: Symantec logs are forwarded to Log360 using syslog over UDP/TCP. Once ingested, Log360 normalizes, categorizes, and correlates these logs to generate alerts and reports.

Monitoring capabilities

Log360 supports and analyzes a wide range of SEP reports that help monitor the security posture of your endpoints:

  • User login activity: Track successful and failed logon attempts, including unauthorized access attempts, to identify potential credential misuse.
  • Admin account change: Monitor administrative account activity, such as administrators being added, modified, or deleted, to detect privilege changes and unauthorized admin access.
  • Policy changes: Capture changes to endpoint security policies, helping maintain consistent enforcement across devices.
  • Track virus activity across endpoints: View virus detection events, including file names, action taken, affected hosts, and remediation status.
  • Port scanning: Detect port scanning behavior and potential reconnaissance activities targeting endpoints.
  • HIPS activity monitoring: Monitor host-based intrusion prevention activity, including blocked behavior or application anomalies.
  • Threat detection: Detect malware, spyware, and riskware identified by SEP agents across the network. Get a consolidated view of all detected threats, including their type, origin, and resolution status.
  • Security risk event monitoring: Gain deep insights into your threat landscape by identifying the systems most at risk based on event frequency, recurring threat types, and abnormal behavior patterns. Log360 visualizes critical metrics, including top affected hosts, source hosts, risks, and problems, to help you determine whether further investigation is required.

Key benefits

  • Centralized endpoint visibility: Consolidate SEP logs into a unified console for real-time monitoring and correlation.
  • Threat intelligence: Track policy enforcement and admin activities across all managed endpoints to detect malware infections, quarantine failures, and exploit attempts.
  • Compliance reporting: Maintain audit trails for antivirus actions and policy enforcement in line with HIPAA, PCI DSS, and other mandates.
  • Multi-stage attack detection: Correlate SEP events with system, AD, and firewall logs to identify complex attack patterns across your environment.
  • Operational insights: Track outdated clients, signature update status, and unprotected endpoints from a unified dashboard.

Address key Symantec Endpoint Protection security challenges

Each challenge is listed with the solution offered by Log360:

  • Tracking unauthorized logins: Provides real-time visibility into successful and failed logon attempts across SEP-managed endpoints.
  • Monitoring admin account changes: Audits the addition, modification, or deletion of administrator accounts to prevent unauthorized privilege use.
  • Detecting malware and virus threats: Generates reports for virus activity, security risks, and threat signatures detected by SEP agents.
  • Identifying high-risk endpoints: Highlights top affected hosts, threat sources, and problematic systems through visual dashboards.
  • Auditing policy modifications: Logs changes to SEP security policies for accountability and compliance.

Get started

Strengthen your endpoint security with Log360

Start monitoring Symantec Endpoint Protection logs in real time to detect threats early, investigate faster, and streamline compliance.