Symantec Endpoint Protection log analysis
Organizations today face increasingly sophisticated attacks on their networks. Endpoints are major targets because compromising a single endpoint often gives an attacker the foothold needed to move laterally and disrupt the entire network.
With ransomware and zero-day attacks trending upward, many organizations have turned to endpoint security solutions to maintain the confidentiality, integrity, and availability of their endpoint assets.
Security auditing for Symantec Endpoint Protection using EventLog Analyzer
Symantec Endpoint Protection helps stop zero-day exploits and malware, including viruses, worms, Trojans, spyware, bots, adware, and rootkits. Collecting and analyzing its logs shows what the product detected, what action it took (and whether that action succeeded), and who administered it, which is what turns individual alerts into an auditable record and a clearer view of the organization's security posture.
This is exactly what EventLog Analyzer does. It collects and parses logs from Symantec Endpoint Protection, and then provides comprehensive reports on the following aspects.
- Logon activity: View all successful logons to the device, the hosts and users with the most logons, and the overall trend in logon patterns.
- Failed logons: See all failed logon attempts to the device, the hosts and users with the most failed logons, and the trend in failed logon patterns. A run of failures followed by a success from the same user and source address is worth reviewing.
- User account management: Discover all admin accounts that have been added, deleted, or modified.
- Policy changes: View the list of changes made to a Symantec Endpoint Protection device.
- Risks: Examine an overview of the risks that have been identified by Symantec Endpoint Protection.
- Viruses: See which devices are infected with viruses and other security risks, including spyware, adware, and other files that can put a computer or network at risk.
- Port scans: View all port scan detections, which Symantec Endpoint Protection raises when packets to multiple ports on a host are blocked within a short time window.
- Commercial applications: See the list of all the devices on which commercial applications have been installed and are running.
- Threats: Examine the list of all unknown threats, such as Trojan horses, worms, or keyloggers found during threat scanning.
- HIPS activity: View the list of attacks detected by the intrusion prevention system of Symantec Endpoint Protection.
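As an added example, not part of the original page or of EventLog Analyzer's own code, the following Python script shows in miniature what parsing these logs and deriving the reports above looks like. It splits Symantec Endpoint Protection-style syslog lines into fields and builds a logon summary, a failed-logon report, a port scan report, and a list of risks that were not remediated. The comma-separated "Field: value" layout follows the convention of SEP Manager's syslog export, but the event descriptions, field names, threshold and sample lines below are constructed assumptions for illustration and should be checked against a real export before reuse.

```python
"""Parse SEP-style syslog lines and derive the report types listed above.

Assumption: each event is a comma-separated record whose first field is the
event description and whose remaining fields are "Name: value" pairs. The
field names, event descriptions and sample lines are constructed for this
example and are not copied from a real SEP export.
"""
from collections import Counter

# Constructed sample events (not real SEP output).
SAMPLE_LOG = """\
Security risk found,Computer name: WS-0101,Source: Auto-Protect scan,Risk name: Trojan.Gen.2,File path: C:\\Users\\alice\\Downloads\\invoice.exe,Actual action: Quarantined,Requested action: Quarantined
Security risk found,Computer name: WS-0203,Source: Scheduled scan,Risk name: Infostealer,File path: C:\\Temp\\svc.dll,Actual action: Left alone,Requested action: Cleaned
Port Scan attack detected,Local Host IP: 10.0.5.20,Remote Host IP: 10.0.9.77,Computer name: WS-0101,Action: Blocked
Administrator logon failed,Computer name: SEPM01,Admin: bob,Source IP: 10.0.1.15
Administrator logon failed,Computer name: SEPM01,Admin: bob,Source IP: 10.0.1.15
Administrator logon failed,Computer name: SEPM01,Admin: bob,Source IP: 10.0.1.15
Administrator logon succeeded,Computer name: SEPM01,Admin: bob,Source IP: 10.0.1.15
Administrator logon succeeded,Computer name: SEPM01,Admin: admin,Source IP: 10.0.1.10
"""


def parse_event(line: str) -> dict:
    """Split one record into a dict keyed by field name.

    Only the first ": " is used as the separator, so Windows paths such as
    "C:\\Temp\\x.dll" survive intact. A field value that itself contains a
    comma would be split incorrectly; a production parser needs to know the
    fixed field order of each SEP log type to handle that.
    """
    parts = line.rstrip("\n").split(",")
    event = {"description": parts[0].strip()}
    for part in parts[1:]:
        name, sep, value = part.partition(": ")
        if sep:
            event[name.strip()] = value.strip()
        else:  # keep anything unexpected so it is not silently dropped
            event.setdefault("unparsed", []).append(part.strip())
    return event


def parse_log(text: str) -> list:
    return [parse_event(ln) for ln in text.splitlines() if ln.strip()]


def logon_summary(events: list) -> dict:
    """Logon activity: successful admin logons counted by user and by host."""
    ok = [e for e in events if e["description"] == "Administrator logon succeeded"]
    return {"by_user": Counter(e.get("Admin") for e in ok),
            "by_host": Counter(e.get("Computer name") for e in ok)}


def failed_logon_report(events: list, threshold: int = 3) -> dict:
    """Failed logons: (admin, source IP) pairs with at least `threshold` failures."""
    counts = Counter((e.get("Admin"), e.get("Source IP")) for e in events
                     if e["description"] == "Administrator logon failed")
    return {key: n for key, n in counts.items() if n >= threshold}


def suspicious_logon_sequences(events: list, threshold: int = 3) -> list:
    """Flag a success that directly follows `threshold` or more failures
    from the same admin and source IP (guessed-password pattern)."""
    failures, hits = Counter(), []
    for e in events:  # events are assumed to be in chronological order
        key = (e.get("Admin"), e.get("Source IP"))
        if e["description"] == "Administrator logon failed":
            failures[key] += 1
        elif e["description"] == "Administrator logon succeeded":
            if failures[key] >= threshold:
                hits.append((key[0], key[1], failures[key]))
            failures[key] = 0
    return hits


def unremediated_risks(events: list) -> list:
    """Risks/viruses: detections where SEP left the file in place or could not
    carry out the requested action. These still need manual follow-up."""
    out = []
    for e in events:
        if e["description"] != "Security risk found":
            continue
        actual, requested = e.get("Actual action"), e.get("Requested action")
        if actual == "Left alone" or actual != requested:
            out.append((e.get("Computer name"), e.get("Risk name"), actual))
    return out


def port_scan_report(events: list) -> list:
    """Port scans: (scanning source, targeted host, action taken)."""
    return [(e.get("Remote Host IP"), e.get("Computer name"), e.get("Action"))
            for e in events if e["description"] == "Port Scan attack detected"]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("logons:", logon_summary(evs))
    print("failed logons:", failed_logon_report(evs))
    print("failures then success:", suspicious_logon_sequences(evs))
    print("unremediated risks:", unremediated_risks(evs))
    print("port scans:", port_scan_report(evs))
```

The check a practitioner most wants from the risk report is the comparison of the requested action with the action actually taken: a detection whose actual action is "Left alone" (or anything other than what the policy requested) means the endpoint is still carrying the file, so counting detections alone understates exposure. The failures-then-success rule is the same idea applied to the logon reports: the raw counts are the report, but the sequence is the finding.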
Antivirus software supported by EventLog Analyzer
- Microsoft Antimalware
- Norton Antivirus
- Sophos Antivirus