Click here to expand

    Symantec DLP Application

    Symantec DLP Application

    EventLog Analyzer collects log data from Symnatec DLP Applications and presents it in the form of graphical reports. For the solution to start collecting this log data, the it has to be added as a threat source.

    Adding a Symantec DLP Application device as a threat source:

    To add a Symnatec DLP Application device as a threat source, the syslog service has to be configured.

    1. Locate and open the config\ file. The file path is as follows
      • Windows - \SymantecDLP\Protect\config directory
      • Linux - /opt/SymantecDLP/Protect/config directory
    2. Uncomment the line and specify the EventLog Analyzer server IP address as follows:
    3. Uncomment the systemevent.syslog.port= line and specify 514 as the port to accept connections from the Symantec Enforce Server as follows:
    4. After making the above mentioned changes, save and close the properties file.
    FireEye Threat Solutions
    1. In the EventLog Analyzer console, navigate to Settings > Configurations > Manage Threat Source > Add Source
    2. Click on Existing Host and select the device you had added from the list of existing devices.
    3. Select the Addon Type from the list.
    4. Click on Add.

    Once the threat source is added, EventLog Analyzer will start parsing the fields in the logs. This log data can now be viewed in the form of reports.

    The reports provide information on the top:

    Additionally, a Symantec DLP overview report is also provided.

    Get download link