Symantec Endpoint Protection Manager 1.0.0
App Vendor: Symantec Endpoint Protection Manager (SEPM)
App Category: Endpoint Protection
App Version in Orchestrate: 1.0 (Latest)
About App
The SEPM app in Orchestrate lets your security team query and control Symantec Endpoint Protection Manager from playbooks: it gathers endpoint data in real time, supports ongoing management of endpoints inside and outside the perimeter, and feeds deployment, asset management and patch management workflows. Once an instance of the app is configured against a SEPM server, the app can perform the following actions:
Get the list of Groups from the SEPM application
Get the list of fingerprint details from the SEPM application
Append a Hash to a Fingerprint list in the SEPM application
Get a list of Active Threats on all Endpoints from the SEPM application
Get the online status of the SEPM application for a particular computer
Get the list of all computers that have Symantec Endpoint Protection installed
Get the details about the version of SEPM installed
Quarantine a computer and block communication with all assets using the SEPM application
Update an Endpoint Group in the SEPM application
Configuration parameters
Below is the list of configuration parameters the SEPM app needs in order to reach the SEPM application. They are set when you create an instance of the app. Use a dedicated SEPM administrator account for the instance, with only the rights these actions need, so that its API activity can be audited separately from interactive administrators.
Variable | Description | Type | Required |
IP | IP address of the SEPM server | Text | Required |
Username | Username of the SEPM administrator account used to authenticate | Text | Required |
Password | Password of that account | Text | Required |
domain | SEPM domain the account belongs to | Text | Optional |
Port | TCP port on which the SEPM application is reached | Integer | Optional |
Supported Actions
Action name | Description |
Get the list of Groups | This action can be used to get the list of client groups defined in the SEPM application |
Get the list of Fingerprint details | This action can be used to get the list of fingerprints from the SEPM application |
Append a file Hash to a Fingerprint list | This action can be used to append a file hash to an existing Fingerprint list in the SEPM application so that the file is blocked by the policy that uses the list |
Get a list of Active Threats on all Endpoints | This action can be used to get details of active threats on all Endpoints from the SEPM application |
Get the online status of SEPM on a Computer | This action can be used to get the online status of the SEPM application for a particular computer |
Get the list of all computers that have SEPM installed | This action can be used to get the list of all computers that have Symantec Endpoint Protection installed |
Get the version of SEPM installed | This action can be used to get the details about the version of SEPM installed |
Quarantine a computer and block communication with all assets | This action can be used to quarantine a computer and block communication with all assets using the SEPM application |
Update an Endpoint Group in SEPM | This action can be used to update an Endpoint Group in the SEPM application |
Action: Get the list of Groups
This action can be used to get the list of client groups defined in the SEPM application. The output is paginated (size, number, totalPages, firstPage, lastPage), so a playbook that needs every group must read past the first page.
Action Input parameters
No Input parameters are required for this action.
Action Output parameters
Example Response
{
  "symantec": {
    "size": 25,
    "number": 0,
    "content": [
      {
        "customIpsNumber": "",
        "policySerialNumber": "6AAE-04/04/2019 00:00:10 096",
        "policyInheritanceEnabled": true,
        "lastModified": 1554279872236,
        "description": "",
        "policyDate": 1554336010096,
        "name": "Default Group",
        "created": 1554279872236,
        "fullPathName": "My Company\\Default Group",
        "id": "6AAECFAFAC1F1E4206DFBD5560CC363B",
        "domain": {
          "name": "Default",
          "id": "B73AC99BAC1F1E422C7FB0CB1911979F"
        },
        "numberOfPhysicalComputers": 0,
        "numberOfRegisteredUsers": 0,
        "createdBy": "AF3C39A10A320801000000DBF200C60A"
      }
    ],
    "firstPage": true,
    "totalElements": 3,
    "lastPage": true,
    "sort": [
      {
        "property": "NAME",
        "direction": "ASC",
        "ascending": true
      }
    ],
    "totalPages": 1,
    "numberOfElements": 3
  }
}
Element | Type |
example-setup | instance data objects |
sort | array of sorting data |
ascending | boolean |
property | string |
direction | string |
lastPage | boolean |
totalElements | integer |
number | integer |
totalPages | integer |
numberOfElements | integer |
content | array of content data |
policySerialNumber* | string |
domain* | domain data objects |
name* | string |
id* | string |
policyInheritanceEnabled* | boolean |
customIpsNumber* | string |
fullPathName* | string |
numberOfPhysicalComputers* | integer |
numberOfRegisteredUsers* | integer |
name* | string |
description* | string |
createdBy* | string |
created* | integer (epoch milliseconds) |
lastModified* | integer (epoch milliseconds) |
policyDate* | integer (epoch milliseconds) |
size | integer |
firstPage | boolean |
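The following is an added example, not code from the Orchestrate SEPM app or from Symantec. It walks the paginated envelope of this action (size, number, totalPages, lastPage), converts the millisecond timestamps, and resolves a group's full path to the id that the group_ids input of the quarantine and update-group actions expects. It assumes the action output sits under a single top-level key named after the instance (the examples on this page use "symantec") and that a playbook can call the action once per page; the two sample pages are constructed for illustration and their ids are made up.

```python
"""Walk the paginated "Get the list of Groups" output and build a group lookup.

Added example for this page, not part of the Orchestrate SEPM app.
Assumptions: the output is nested under one instance-name key ("symantec"
in the page examples) and fetch_page(n) returns the raw output for page n.
The sample pages below are constructed; the ids and names are made up.
"""
from datetime import datetime, timezone

DOMAIN = {"name": "Default", "id": "B73AC99BAC1F1E422C7FB0CB1911979F"}

# Constructed sample: the page envelope split over two pages so the walker
# has something to iterate.
SAMPLE_PAGES = [
    {"symantec": {
        "size": 2, "number": 0, "totalPages": 2, "totalElements": 3,
        "numberOfElements": 2, "firstPage": True, "lastPage": False,
        "content": [
            {"id": "6AAECFAFAC1F1E4206DFBD5560CC363B", "name": "Default Group",
             "fullPathName": "My Company\\Default Group", "domain": DOMAIN,
             "policyInheritanceEnabled": True, "lastModified": 1554279872236,
             "numberOfPhysicalComputers": 12},
            {"id": "5C81DA33AC1F1E4235BAE21B51F45401", "name": "Quarantine Host",
             "fullPathName": "My Company\\Quarantine Host", "domain": DOMAIN,
             "policyInheritanceEnabled": False, "lastModified": 1568199495552,
             "numberOfPhysicalComputers": 1},
        ]}},
    {"symantec": {
        "size": 2, "number": 1, "totalPages": 2, "totalElements": 3,
        "numberOfElements": 1, "firstPage": False, "lastPage": True,
        "content": [
            {"id": "0F0F0F0FAC1F1E4200000000DEADBEEF", "name": "Servers",
             "fullPathName": "My Company\\Servers", "domain": DOMAIN,
             "policyInheritanceEnabled": True, "lastModified": 1554336010096,
             "numberOfPhysicalComputers": 40},
        ]}},
]


def unwrap(response):
    """Strip the instance-name wrapper ("symantec" in the page examples).
    Assumption: the action output has exactly one top-level key."""
    if len(response) != 1:
        raise ValueError("expected a single instance key, got %r" % list(response))
    return next(iter(response.values()))


def iter_pages(fetch_page):
    """Yield every content entry across all pages.  Stops on lastPage and
    also refuses to run past totalPages, so a server that never sets
    lastPage cannot turn the playbook into an infinite loop."""
    number = 0
    while True:
        page = unwrap(fetch_page(number))
        if page.get("number", number) != number:
            raise ValueError("got page %r, asked for %d" % (page.get("number"), number))
        yield from page.get("content", [])
        number += 1
        if page.get("lastPage", True) or number >= page.get("totalPages", 1):
            break


def from_epoch_ms(value):
    """created, lastModified and policyDate are epoch milliseconds."""
    return datetime.fromtimestamp(int(value) / 1000, tz=timezone.utc)


def build_group_index(fetch_page):
    """Map group id -> summary for every group the action returns."""
    index = {}
    for group in iter_pages(fetch_page):
        index[group["id"]] = {
            "path": group["fullPathName"],
            "domain": group["domain"]["name"],
            "inherits_policy": bool(group["policyInheritanceEnabled"]),
            "computers": group.get("numberOfPhysicalComputers", 0),
            "last_modified": from_epoch_ms(group["lastModified"]),
        }
    return index


def find_group_id(index, full_path):
    """Resolve a full path such as "My Company\\Quarantine Host" to the
    group id used as group_ids input.  Exact, case-insensitive match only:
    a substring match could silently pick a child group."""
    wanted = full_path.casefold()
    hits = [gid for gid, g in index.items() if g["path"].casefold() == wanted]
    if len(hits) != 1:
        raise LookupError("%d groups match %r" % (len(hits), full_path))
    return hits[0]


def index_sample():
    """Build the index from the constructed sample pages."""
    return build_group_index(lambda n: SAMPLE_PAGES[n])


if __name__ == "__main__":
    idx = index_sample()
    for gid, g in idx.items():
        mode = "inherits" if g["inherits_policy"] else "overrides"
        print(gid, g["path"], mode, g["last_modified"].isoformat())
    print(find_group_id(idx, "my company\\quarantine host"))
```

The policyInheritanceEnabled flag is worth surfacing in the index: a group that has it switched off does not take policy from its parent, which is usually intentional for a quarantine group and usually a finding anywhere else.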
Action: Get a list of Active Threats on all Endpoints
This action can be used to get details of active threats on all Endpoints from the SEPM application.
Action Input parameters
No Input parameters are required for this action.
Action Output parameters
Example Response
{ "symantec": { "Stats": { "lastUpdated": "1569416269485", "infectedClients": "0" } } }
Element | Type |
example-setup | instance data objects |
Stats | stats data objects |
lastUpdated | integer (epoch milliseconds) |
infectedClients | integer |
In the example response both values arrive as JSON strings ("1569416269485", "0") rather than numbers; cast them before comparing infectedClients against a threshold in a playbook.
Action: Get the online status of SEPM on a Computer
This action can be used to get the online status of SEPM clients. Its output is an aggregate count of clients per status (clientCountStatsList), not a record for one host; to check a particular computer, read the onlineStatus field of that computer's entry in the output of "Get the list of all computers that have SEPM installed".
Action Input parameters
No Input parameters are required for this action.
Action Output parameters
Element | Type |
example-setup | instance data objects |
lastUpdated | integer |
clientCountStatsList | array of client count status data |
status | string |
clientsCount | integer |
Action: Get the list of all computers that have SEPM installed
This action can be used to get the list of all computers that have Symantec Endpoint Protection installed, with their agent, policy, group and hardware details. The output is paginated in the same envelope as the Groups action. Each entry carries identifying data (IP and MAC addresses, logged-on user, hardware key, client public key), so treat the output as sensitive in playbook logs and downstream tickets.
Action Input parameters
No Input parameters are required for this action.
Action Output parameters
Example Response
{
  "symantec": {
    "size": 20,
    "number": 0,
    "content": [
      {
        "telemetryMid": "DD93F5E2-CF6C-4AA8-B64A-87A9F76C5172",
        "profileChecksum": null,
        "dnsServers": [
          "172.31.0.2",
          "FEC0:0000:0000:FFFF:0000:0000:0000:0001"
        ],
        "licenseExpiry": 0,
        "oslanguage": "en-US",
        "officePhone": "",
        "contentUpdate": 1,
        "kernel": null,
        "memory": 1073332224,
        "groupUpdateProvider": false,
        "snacLicenseId": null,
        "installType": "0",
        "lastServerId": "FD39B0FAAC1F1E42622DD7AA103CFEC3",
        "winServers": [
          "0.0.0.0",
          "0.0.0.0"
        ],
        "publicKey": "BgIAAACkAABSU0ExAAgAAAEAAQDJlJIJJJCABYkKQh8vxTYngWPLjtqzDTiaz8RRQstcOBfEqIz0jQ7LqUOnViDrCMz3DXMIzPkxWxZIxVL7ai3S1oUOOHuEZfDe5pSwOR8K0jFm4Y7YfmiHeEQQ6bVpjS6lji5O9V+oMrqmLRZfLC+26IZvpJPIH30gIuE7eubJabSL+BDiJYhNGkUtMaMAwJ2T0ygZ7+WudDJ/SvBK1+6mmW6GhuxQfoaDiL2hIselgj3fEy1Q0w10vfEIzpqHa7+kUFs+FnjX2EesamXuBnw54PVn+2D2rXgYIfkAz3VhBfTII0iff8GcPtKv5twOEhpFO/GO7eh1DUPf6LmCYKXB",
        "osElamStatus": 0,
        "atpServer": "",
        "osversion": "10.0",
        "uwf": 2,
        "ptpOnOff": 1,
        "deleted": 0,
        "computerName": "20A-Server",
        "majorVersion": 14,
        "patternIdx": "21EA6CC7F5381AC184D12A6D3EE0FEFB",
        "pepOnOff": 1,
        "homePhone": "",
        "lastSiteId": "E8CAF370AC1F1E4261E84BD7D73EECF6",
        "gateways": [
          "172.31.16.1",
          "172.31.16.1",
          "0.0.0.0",
          "0.0.0.0"
        ],
        "lastUpdateTime": 1568295176906,
        "fbwf": 2,
        "agentVersion": "14.2.1023.0100",
        "rebootRequired": 0,
        "uuid": "EC25C7F0-2A05-354E-DA4E-0E707C62716E",
        "osVersion": "10.0",
        "licenseStatus": -1,
        "osLanguage": "en-US",
        "cidsDrvOnOff": 1,
        "deploymentPreVersion": "",
        "minorVersion": 2,
        "deploymentStatus": "302456832",
        "mobilePhone": "",
        "osbitness": "x64",
        "totalDiskSpace": 30717,
        "bashStatus": 1,
        "daOnOff": 1,
        "cidsDefsetVersion": "190509061",
        "subnetMasks": [
          "255.255.240.0",
          "64"
        ],
        "encryptedDevicePassword": null,
        "lastSiteName": "My Site",
        "osServicePack": "",
        "bwf": 2,
        "timeZone": 0,
        "quarantineDesc": "Host Integrity check is disabled.\n Host Integrity policy has been disabled by the administrator.",
        "employeeNumber": "",
        "logicalCpus": 0,
        "loginDomain": "LocalComputer",
        "lastVirusTime": 0,
        "deploymentTargetVersion": "14.2.1023.0100",
        "freeMem": 207704064,
        "cidsDrvMulfCode": 0,
        "processorClock": 2400,
        "lastConnectedIpAddr": "172.31.18.135",
        "idsChecksum": null,
        "profileVersion": "14.2.1023",
        "osMinor": 0,
        "biosVersion": "Xen - 0 Revision: 1.221",
        "idsSerialNo": "",
        "dhcpServer": "172.31.16.1",
        "freeDisk": 15824150528,
        "avEngineOnOff": 1,
        "worstInfectionIdx": "9999",
        "osmajor": 10,
        "infected": 0,
        "svaId": null,
        "idsVersion": "",
        "profileSerialNo": "5C81-09/11/2019 16:09:08 852",
        "licenseId": null,
        "elamOnOff": 1,
        "lastHeuristicThreatTime": 0,
        "department": "",
        "tamperOnOff": 1,
        "operatingSystem": "Windows Server 2016 Datacenter Edition",
        "agentId": "07C14AB0AC1F1E424713013C87EDE4ED",
        "email": "",
        "vsicStatus": 3,
        "attributeExtension": "",
        "telemetryHwid": "C861271E-9242-6C6C-902B-FD623AA18BB6",
        "tpmDevice": "0",
        "employeeStatus": "",
        "cidsEngineVersion": "16.2.1.22",
        "currentClientId": "1B492038AC1F1E424713013C88F28B08",
        "cidsBrowserFfOnOff": 1,
        "macAddresses": [
          "06-15-9B-D7-7D-A0",
          "06-15-9B-D7-7D-A0"
        ],
        "computerTimeStamp": 1568292468939,
        "tmpDevice": null,
        "osservicePack": "",
        "isNpvdiClient": 0,
        "physicalCpus": 1,
        "lastScanTime": 1568253184000,
        "diskDrive": "C:\\",
        "osName": "Windows Server 2016",
        "cidsSilentMode": 0,
        "edrStatus": 0,
        "hypervisorVendorId": "0",
        "agentTimeStamp": 1568295796921,
        "hardwareKey": "396375A83FEF89B8074978672F7CC403",
        "processorType": "Intel64 Family 6 Model 63 Stepping 2",
        "osBitness": "x64",
        "lastDeploymentTime": 1554283785000,
        "virtualizationPlatform": "Unknown",
        "securityVirtualAppliance": null,
        "osfunction": "Server",
        "ipAddresses": [
          "172.31.18.135",
          "FE80:0000:0000:0000:BD87:203B:0053:3DB9"
        ],
        "logonUserName": "Administrator",
        "serialNumber": "ec25c7f0-2a05-354e-da4e-0e707c62716e",
        "atpDeviceId": null,
        "osname": "Windows Server 2016",
        "jobTitle": "",
        "group": {
          "fullPathName": null,
          "id": "5C81DA33AC1F1E4235BAE21B51F45401",
          "domain": {
            "name": "Default",
            "id": "B73AC99BAC1F1E422C7FB0CB1911979F"
          },
          "name": "My Company\\Quarantine Host",
          "externalReferenceId": null,
          "source": null
        },
        "computerDescription": "",
        "agentType": "105",
        "deploymentMessage": "",
        "rebootReason": "",
        "onlineStatus": 0,
        "computerUsn": 1383939,
        "writeFiltersStatus": null,
        "description": "",
        "osFlavorNumber": 8,
        "osFunction": "Server",
        "domainOrWorkgroup": "WORKGROUP",
        "isGrace": 0,
        "osflavorNumber": 8,
        "apOnOff": 1,
        "osMajor": 10,
        "deploymentRunningVersion": "14.2.1023.0100",
        "fullName": "",
        "uniqueId": "606E3F94AC1F1E424713013CD04DDDEB",
        "lastServerName": "EC2AMAZ-UT79Q93",
        "osminor": 0,
        "agentUsn": 1384537,
        "firewallOnOff": 1,
        "cidsBrowserIeOnOff": 1,
        "lastDownloadTime": 1557500262312,
        "creationTime": 1568199495552
      }
    ],
    "firstPage": true,
    "totalElements": 2,
    "lastPage": true,
    "sort": [
      {
        "property": "COMPUTER_NAME",
        "direction": "ASC",
        "ascending": true
      }
    ],
    "totalPages": 1,
    "numberOfElements": 2
  }
}
Element | Type |
example-setup | instance data objects |
firstPage | boolean |
totalPages | integer |
lastPage | boolean |
number | integer |
content | array of computer details data |
lastSiteId* | string |
osbitness* | string |
osName* | string |
operatingSystem* | string |
apOnOff* | integer |
homePhone* | string |
osmajor* | integer |
osname* | string |
hardwareKey* | string |
tpmDevice* | string |
computerTimeStamp* | integer |
deploymentMessage* | string |
quarantineDesc* | string |
virtualizationPlatform* | string |
osFlavorNumber* | integer |
lastServerName* | string |
profileSerialNo* | string |
processorClock* | integer |
macAddresses* | array of MAC address data |
deploymentStatus* | string |
deploymentTargetVersion* | string |
memory* | integer |
rebootRequired* | integer |
osMinor* | integer |
osversion* | string |
osminor* | integer |
loginDomain* | string |
logonUserName* | string |
computerDescription* | string |
uwf* | integer |
totalDiskSpace* | integer |
pepOnOff* | integer |
contentUpdate* | integer |
majorVersion* | integer |
securityVirtualAppliance* | string |
computerUsn* | integer |
atpServer* | string |
osElamStatus* | integer |
cidsSilentMode* | integer |
department* | string |
osMajor* | integer |
kernel* | string |
cidsDrvMulfCode* | integer |
bwf* | integer |
cidsBrowserFfOnOff* | integer |
osFunction* | string |
cidsDrvOnOff* | integer |
osfunction* | string |
currentClientId* | string |
idsVersion* | string |
gateways* | array of IP gateway data |
dnsServers* | array of servers data |
logicalCpus* | integer |
profileChecksum* | string |
physicalCpus* | integer |
cidsEngineVersion* | string |
patternIdx* | string |
infected* | integer |
computerName* | string |
subnetMasks* | array of subnet mask data |
osServicePack* | string |
lastVirusTime* | integer |
jobTitle* | string |
creationTime* | integer |
timeZone* | integer |
hypervisorVendorId* | string |
agentType* | string |
agentVersion* | string |
biosVersion* | string |
agentId* | string |
idsChecksum* | string |
lastConnectedIpAddr* | string |
oslanguage* | string |
daOnOff* | integer |
osflavorNumber* | integer |
osVersion* | string |
idsSerialNo* | string |
publicKey* | string |
officePhone* | string |
ipAddresses* | array of IP address data |
uniqueId* | string |
description* | string |
lastDeploymentTime* | integer |
vsicStatus* | integer |
licenseId* | string |
uuid* | string |
lastHeuristicThreatTime* | integer |
osservicePack* | string |
deploymentRunningVersion* | string |
lastScanTime* | integer |
osBitness* | string |
isGrace* | integer |
lastSiteName* | string |
fullName* | string |
avEngineOnOff* | integer |
fbwf* | integer |
bashStatus* | integer |
processorType* | string |
atpDeviceId* | string |
telemetryMid* | string |
licenseExpiry* | integer |
svaId* | string |
isNpvdiClient* | integer |
encryptedDevicePassword* | string |
lastDownloadTime* | integer |
agentTimeStamp* | integer |
rebootReason* | string |
domainOrWorkgroup* | string |
elamOnOff* | integer |
lastUpdateTime* | integer |
groupUpdateProvider* | boolean |
serialNumber* | string |
agentUsn* | integer |
cidsBrowserIeOnOff* | integer |
group* | group data objects |
name* | string |
fullPathName* | string |
id* | string |
source* | string |
externalReferenceId* | string |
domain* | domain data objects |
dhcpServer* | string |
freeMem* | integer |
installType* | string |
osLanguage* | string |
edrStatus* | integer |
telemetryHwid* | string |
cidsDefsetVersion* | string |
winServers* | array of server data |
writeFiltersStatus* | string |
mobilePhone* | string |
deploymentPreVersion* | string |
snacLicenseId* | string |
worstInfectionIdx* | string |
tmpDevice* | string |
attributeExtension* | string |
ptpOnOff* | integer |
firewallOnOff* | integer |
email* | string |
onlineStatus* | integer |
employeeNumber* | string |
diskDrive* | string |
employeeStatus* | string |
deleted* | integer |
minorVersion* | integer |
lastServerId* | string |
licenseStatus* | integer |
freeDisk* | integer |
profileVersion* | string |
tamperOnOff* | integer |
Action: Get the version of SEPM installed
This action can be used to get the details about the version of SEPM installed.
Action Input parameters
No Input parameters are required for this action.
Action Output parameters
Example Response
{ "symantec": { "version": "14.2.1023.0100", "API_SEQUENCE": "181014009", "API_VERSION": "1.0.0" } }
Element | Type |
example-setup | instance data objects |
API_VERSION | string |
version | string |
API_SEQUENCE | string |
Action: Quarantine a computer and block communication with all assets
This action can be used to quarantine a computer and block its communication with all other assets using the SEPM application. The three inputs identify the target from three directions (its group, its computer ID and its hardware key); the two IDs returned identify the commands issued for the group and for the computer.
Action Input parameters
Element | Description | Type | Required |
group_ids | ID of the group to which the computer belongs (the group.id field of the computers listing) | Text | Required |
computer_ids | Unique ID identifying the computer | Text | Required |
hardware_keys_ids | Hardware key identifying the computer (the hardwareKey field of the computers listing) | Text | Required |
Action Output parameters
Example Response
{ "symantec": { "commandID_group": "9AC812F983304FFEBA4CD63598ED095B", "commandID_computer": "C6ACFB0D599D4315BAC90822A83E3124" } }
Element | Type |
example-setup | instance data objects |
commandID_group | string |
commandID_computer | string |
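The following is an added example, not code from the Orchestrate SEPM app or from Symantec. It connects the "Get the list of all computers that have SEPM installed" output to this action: given a host name, it picks exactly one live record, builds the group_ids, computer_ids and hardware_keys_ids inputs, and collects the warnings a playbook should surface before isolating a machine (offline client, already flagged infected, stale last scan). It also normalises the string-typed values of the "Get a list of Active Threats" response. The field mapping is an assumption: computer_ids is taken from uniqueId and hardware_keys_ids from hardwareKey, and group_ids from group.id; confirm it against your SEPM version before wiring this into automated response. The sample data is constructed and trimmed to the fields used.

```python
"""Resolve a host name to the quarantine action's inputs, with safety checks.

Added example for this page, not part of the Orchestrate SEPM app.
Assumptions (verify against your SEPM): computer_ids <- uniqueId,
hardware_keys_ids <- hardwareKey, group_ids <- group.id, and the action
output is nested under one instance-name key ("symantec" in the examples).
All sample records below are constructed.
"""
from datetime import datetime, timedelta, timezone

STALE_SCAN = timedelta(days=7)
SAMPLE_NOW = datetime(2019, 9, 13, tzinfo=timezone.utc)  # fixed clock for the demo


def _host(name, unique_id, hw_key, group_id, group_name, **extra):
    """Build one trimmed content entry shaped like the computers listing."""
    rec = {"computerName": name, "uniqueId": unique_id, "hardwareKey": hw_key,
           "onlineStatus": 1, "infected": 0, "deleted": 0,
           "lastScanTime": 1568253184000, "agentVersion": "14.2.1023.0100",
           "group": {"id": group_id, "name": group_name}}
    rec.update(extra)
    return rec


GROUP_DEFAULT = ("6AAECFAFAC1F1E4206DFBD5560CC363B", "My Company\\Default Group")
GROUP_QUARANTINE = ("5C81DA33AC1F1E4235BAE21B51F45401", "My Company\\Quarantine Host")

# Constructed sample page.  WS-017 appears twice, once live and once as an
# older record carrying deleted=1; DUP-01 appears twice without the deleted
# flag to exercise the ambiguity check.
SAMPLE_COMPUTERS = {"symantec": {
    "size": 20, "number": 0, "totalPages": 1, "firstPage": True, "lastPage": True,
    "content": [
        _host("20A-Server", "606E3F94AC1F1E424713013CD04DDDEB",
              "396375A83FEF89B8074978672F7CC403", *GROUP_QUARANTINE,
              onlineStatus=0, lastScanTime=1554283785000),
        _host("WS-017", "11111111AC1F1E420000000000000001",
              "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1", *GROUP_DEFAULT, infected=1),
        _host("WS-017", "11111111AC1F1E420000000000000002",
              "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2", *GROUP_DEFAULT, deleted=1),
        _host("DUP-01", "22222222AC1F1E420000000000000001",
              "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB1", *GROUP_DEFAULT),
        _host("DUP-01", "22222222AC1F1E420000000000000002",
              "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB2", *GROUP_DEFAULT),
    ]}}


def unwrap(response):
    """Strip the instance-name wrapper; assumes exactly one top-level key."""
    if len(response) != 1:
        raise ValueError("expected a single instance key, got %r" % list(response))
    return next(iter(response.values()))


def live_records(response, name):
    """Non-deleted computers whose computerName matches, case-insensitively."""
    wanted = name.casefold()
    return [c for c in unwrap(response).get("content", [])
            if c.get("computerName", "").casefold() == wanted and not c.get("deleted", 0)]


def quarantine_inputs(response, name, now=None):
    """Return the action inputs for exactly one live host plus warnings.
    Zero or several matches raise: isolating the wrong computer is worse
    than a playbook that stops and asks an analyst to pick by hardwareKey."""
    matches = live_records(response, name)
    if len(matches) != 1:
        raise ValueError("%d live records match %r; disambiguate by hardwareKey"
                         % (len(matches), name))
    c = matches[0]
    now = now or datetime.now(timezone.utc)
    warnings = []
    if c.get("onlineStatus") == 0:
        warnings.append("client reported offline (onlineStatus 0); confirm isolation took effect")
    if c.get("infected"):
        warnings.append("SEPM already marks this client infected")
    last_scan = datetime.fromtimestamp(c.get("lastScanTime", 0) / 1000, tz=timezone.utc)
    if now - last_scan > STALE_SCAN:
        warnings.append("last scan %s ago" % (now - last_scan))
    return {"group_ids": c["group"]["id"],           # assumption: group.id
            "computer_ids": c["uniqueId"],           # assumption: uniqueId
            "hardware_keys_ids": c["hardwareKey"],   # assumption: hardwareKey
            "warnings": warnings}


def infected_count(active_threats_response):
    """The Active Threats example carries infectedClients and lastUpdated as
    strings; return (int count, aware datetime) so comparisons are numeric."""
    stats = unwrap(active_threats_response)["Stats"]
    updated = datetime.fromtimestamp(int(stats["lastUpdated"]) / 1000, tz=timezone.utc)
    return int(stats["infectedClients"]), updated


if __name__ == "__main__":
    for host in ("WS-017", "20A-Server"):
        print(host, quarantine_inputs(SAMPLE_COMPUTERS, host, now=SAMPLE_NOW))
    print(infected_count({"symantec": {"Stats": {"lastUpdated": "1569416269485",
                                                 "infectedClients": "0"}}}))
```

The refusal on ambiguous names is the point of the example: host names repeat across re-imaged machines and across domains, while the hardware key does not, so a playbook that quarantines by name alone should fall back to an analyst choosing the hardwareKey rather than guessing.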
Action: Update an Endpoint Group in SEPM
This action can be used to update an Endpoint Group in the SEPM application: the computer named in computer_name is assigned to the group identified by group_ids.
Action Input parameters
Element | Description | Type | Required |
computer_name | Name of the computer to be updated | Text | Required |
group_ids | ID of the group the computer should belong to | Text | Required |
Action Output parameters
Example Response
{ "symantec": [ { "responseCode": "200", "responseMessage": "OK" } ] }
Element | Type |
example-setup | instance data objects |
responseMessage | string |
responseCode | string |