Symantec Endpoint Protection Manager 2.0.0
App Vendor: Symantec Endpoint Protection Manager
App Category: Endpoint
Connector Version: 2.1.0
API Version: 1.0.0
About App
This app provides integration with Symantec Endpoint Protection. Symantec Endpoint Protection provides anti-malware, intrusion prevention, and firewall features for server and desktop computers.
The Symantec Endpoint Protection Manager app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Active Scan | This action requests an active scan on the endpoint. |
Append Hash to Fingerprint File | This action adds the hashes in the provided list to the specified fingerprint file. |
Full Scan | This action requests a full scan on the endpoint. |
Generic Action | This is a generic action used to transcend the actions implemented by making a request to any endpoint. |
Get Fingerprint Details | This action retrieves the fingerprint file with the provided filename. |
Get Online Status | This action retrieves a list of the online and offline clients of this sepm instance. |
Get Symantec Endpoint Protection Manager Version | This action retrieves details about the version of Symantec Endpoint Protection Manager installed. |
List Active Threats | This action retrieves the list of all the active threats configured on this instance of sepm. |
List Computers | This action retrieves a list of all the computers in the domain with SEPM installed. |
List Groups | This action retrieves the list of all the groups configured for this instance of SEPM. |
Quarantine Computer | This action quarantines the computer(s) with the specified group, computer, or hardware key IDs. One of the group IDs, computer ID, or hardware key ID must be provided. |
Remove Hash From Fingerprint File | This action removes the hashes in the provided list from the specified fingerprint file. |
Update Endpoint Group | This action moves the computer with the specified name to the group with the provided ID. |
Configuration Parameters
The following configuration parameters are required for the Symantec Endpoint Protection Manager app to communicate with the Symantec Endpoint Protection Manager enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Engter the base URL used to connect to the Symantec endpoint protection manager API. Example: https://host:api_port | Text | Required |
|
Username | Enter the username used to authenticate to the symantec endpoint protection manager API. | Text | Required |
|
Password | Enter the password used to authenticate to the symantec endpoint protection manager API. | Password | Required |
|
Domain | Enter the name of the domain to which SEPM needs to authenticate. | Text | Optional |
|
SSL Verification | Choose whether or not to perform SSL certificate verification on connections to the SEPM API. | Boolean | Optional |
|
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Symantec Endpoint Protection Manager. | Integer | Optional | Available range: 15-120 seconds Default value: 15 seconds |
Action: Active Scan
This action requests an active scan on the endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Group ID | Enter the group ID on which you want to run the command. | Text | Required |
|
Computer ID | Enter the computer ID on which you want to run the command. | Text | Required |
|
Action: Append Hash to Fingerprint File
This action adds the hashes in the provided list to the specified fingerprint file.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Fingerprint File Name | Name of fingerprint file to add provided hashes to. | Text | Required |
|
Hash List | List of hashes to add. | Any | Required |
|
Hash Type | Type of submitted hashes. Example: md5 | Text | Optional |
|
Description | Description of fingerprint blacklist file. | Text | Optional |
|
Action: Full Scan
This action requests a full scan on the endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Group ID | Enter the group ID on which to run the command. | Text | Required |
|
Computer ID | Enter the computer ID on which to run the command. | Text | Required |
|
Action: Generic Action
This is a generic action used to transcend the actions implemented by making a request to any endpoint
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make a request. | Text | Required |
|
Endpoint | Enter the endpoint to make the request. Example: command-queue/fullscan | Text | Required |
|
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional |
|
Payload | Enter the payload to pass to the API. | Any | Optional |
|
Extra fields | Enter the additional parameters to pass. For available keys refer to the document. Example: {'custom_output':'this is a custom output'} | Key Value | Optional | Available values:
|
Action: Get Fingerprint Details
This action retrieves the fingerprint file with the provided filename.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Fingerprint File Name | Name of fingerprint file to get. | Text | Required |
|
Action: Get Online Status
This action retrieves a list of the online and offline clients of this SEPM instance.
Action Input Parameters
No input parameters are required for this action.
Action: Get Symantec Endpoint Protection Manager Version
This action retrieves details about the version of Symantec Endpoint Protection Manager installed.
Action Input Parameters
No input parameters are required for this action.
Action: List Active Threats
This action retrieves the list of all the active threats configured on this instance of sepm.
Action Input Parameters
No input parameters are required for this action.
Action: List Computers
This action retrieves a list of all the computers in the domain with SEPM installed.
Action Input Parameters
No input parameters are required for this action.
Action: List Groups
This action retrieves the list of all the groups configured for this instance of SEPM.
Action Input Parameters
No input parameters are required for this action.
Action: Quarantine Computer
This action quarantines the computer(s) with the specified group, computer, or hardware key IDs. One of the group IDs, computer ID, or hardware key ID must be provided.
Note
When you need to quarantine computers, it's crucial to select the right parameters to keep your systems secure. If you want to quarantine an entire group of computers, use the Group ID parameter. However, if you only need to quarantine a particular computer or hardware, it's best to avoid using the Group ID and instead use the Computer ID or Hardware Key ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Group ID | Denotes the Group ID of the computers to quarantine. Group ID associates with computer groups and contains multiple computers associated with a group. | Text | Optional | |
Computer ID | Denotes the Computer ID of the computer to quarantine. | Text | Optional | |
Hardware key ID | Denotes the Hardware key ID of computers to quarantine. | Text | Optional |
Action: Remove Hash From Fingerprint File
This action removes the hashes in the provided list from the specified fingerprint file.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Fingerprint File Name | Name of fingerprint file to remove provided hash from. | Text | Required |
|
Hash List | List of hashes to remove. | Any | Required |
|
Hash Type | Type of submitted hashes Example: md5 | Text | Optional |
|
Description | Description of fingerprint blacklist file. | Text | Optional |
|
Action: Update Endpoint Group
This action moves the computer with the specified name to the group with the provided ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Computer Name | Name of the computer to be moved. | Text | Required |
|
Group ID | ID of the group to move the computer to. | Text | Required |
|