The ITSI Content Pack for Symantec Endpoint Protection (SEP) from Kinney Group is specifically designed to monitor the health and performance of SEP across your network. It leverages Splunk ITSI to provide in-depth analysis and visualization of logs for SEP, ensuring that all endpoints are protected and compliant with security policies. This content pack is an essential tool for IT professionals looking to enhance the security and efficiency of their endpoint protection infrastructure.
- Comprehensive Endpoint Protection Monitoring: Offers detailed insights into the protection status, virus definitions, and policy compliance of endpoints, ensuring optimal security.
- Real-Time Threat Detection: Monitors and detects various types of threats, including viruses, malware, and spyware, enabling immediate response and mitigation.
- Enhanced System Performance: Tracks the impact of SEP on system performance, including CPU and memory usage, to ensure that endpoint protection does not hinder system operations.
This ITSI Content Pack is open source and available for community collaboration and enhancement on GitHub.
For more information about Kinney Group's Splunk Products, visit our website.
The ITSI Content Pack for Symantec Endpoint Protection (SEP) contains service definitions and KPIs ready to import to ITSI. The KPI Thresholds and importance values are set to defaults so that they can be tuned manually for your use case. This content pack helps users monitor the overall protection status of endpoints, ensuring that virus definitions are up-to-date, real-time protection is enabled, and security policies are complied with.
Kinney Group ITSI Content Pack Blog
For more information about Kinney Group's Splunk Products, visit our website.
SEP monitoring encompasses several specialized services, each targeting specific aspects of endpoint protection:
- Endpoint Protection
- Description: Manages the overall protection status of endpoints, including real-time protection, virus definitions, and policy compliance.
- Virus Definitions
- Description: Ensures that all endpoints have the latest virus and spyware definitions.
- Real-Time Protection
- Description: Monitors and ensures that real-time protection features like Auto-Protect are enabled and functioning.
- Policy Compliance
- Description: Ensures that all endpoints comply with the defined security policies.
- Threat Detection
- Description: Monitors and detects various types of threats, including viruses, malware, and spyware.
- System Performance
- Description: Monitors the impact of Symantec Endpoint Protection on system performance, including CPU and memory usage.
- Network Activity
- Description: Monitors network traffic related to Symantec Endpoint Protection, including blocked and allowed connections.
Each service utilizes specific KPIs to measure its effectiveness:
- Definition Status
- Description: Status of virus definition updates.
- Definition Age
- Description: Age of the virus definitions on endpoints.
- Auto-Protect Status
- Description: Status of Auto-Protect.
- Real-Time Enabled
- Description: Check if real-time protection is enabled.
- Compliance Status
- Description: Compliance status of endpoints with security policies.
- Non-Compliance Count
- Description: Number of endpoints out of compliance.
- Detected Threats
- Description: Number of detected threats.
- Threat Types
- Description: Types of threats detected.
- Resolved Threats
- Description: Number of resolved threats.
- CPU Usage
- Description: CPU usage by SEP processes.
- Memory Usage
- Description: Memory usage by SEP processes.
- Blocked Connections
- Description: Number of blocked network connections.
- Allowed Connections
- Description: Number of allowed network connections.
Services are interconnected; for instance, Endpoint Protection is dependent on Virus Definitions, Real-Time Protection, and Policy Compliance. Similarly, Virus Definitions rely on Update Distribution to ensure all endpoints receive the latest definitions.
Some services form a hierarchy, such as Real-Time Protection depending on Threat Detection, illustrating a layered approach to protection where base metrics support broader security indicators.
Kinney Group ITSI Content Pack Blog
To provide feedback, visit our Github and Readme for our content packs.
For more information about Kinney Group's Splunk Products, visit our website
| Version | Date | Description |
|---|---|---|
| 0.0.1 | 06/06/24 | Initial Preview Release |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent