Symantec Endpoint Protection Manager 3.0.0
App Vendor: Broadcom
App Category: Endpoint
Connector Version: 3.0.0
API Version: 1.0.0
About App
This app provides integration with Symantec Endpoint Protection. Symantec Endpoint Protection provides anti-malware, intrusion prevention, and firewall features for server and desktop computers.
The Symantec Endpoint Protection Manager app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
---|---|
Active Scan | This action requests an active scan on the endpoint. |
Add BlackList | This action adds a blacklist as a file fingerprint list to Symantec Endpoint Protection Manager. |
Append Hash to Fingerprint File | This action adds the hashes in the provided list to the specified fingerprint file. |
Delete BlackList | This action deletes the blacklist and removes it from the associated group. |
Full Scan | This action requests a full scan on the endpoint. |
Get Fingerprint Details | This action retrieves the fingerprint file with the provided filename. |
Get Online Status | This action retrieves a list of the online and offline clients of this SEPM instance. |
Get Symantec Endpoint Protection Manager Version | This action retrieves details about the installed version of Symantec Endpoint Protection Manager. |
List Active Threats | This action retrieves the list of all the active threats configured on this instance of SEPM. |
List Computers | This action retrieves a list of all the computers in the domain with SEPM installed. |
List Groups | This action retrieves the list of all the groups configured for this instance of SEPM. |
Quarantine Computer | This action quarantines the computer(s) with the specified group, computer, or hardware key IDs. At least one group ID, computer ID, or hardware key ID must be provided. |
Remove Hash From Fingerprint File | This action removes the hashes in the provided list from the specified fingerprint file. |
Update Endpoint Group | This action moves the computer with the specified name to the group with the provided ID. |
Generic Action | This is a generic action used to make requests to any Symantec Endpoint Protection Manager endpoint. |
Configuration Parameters
The following configuration parameters are required for the Symantec Endpoint Protection Manager app to communicate with the Symantec Endpoint Protection Manager enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the base URL used to connect to the Symantec Endpoint Protection Manager API. Example: https://<host>:<api_port> | Text | Required | |
Username | Enter the username used to authenticate to the Symantec Endpoint Protection Manager API. | Text | Required | |
Password | Enter the password used to authenticate to the Symantec Endpoint Protection Manager API. | Password | Required | |
Domain | Enter the name of the domain to which SEPM needs to authenticate. | Text | Optional | |
SSL Verification | Choose whether or not to perform SSL certificate verification on connections to the SEPM API. | Boolean | Optional | By default, verification is disabled. |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Symantec Endpoint Protection Manager. | Integer | Optional | Available range: 15-120. Default value: 15 |
Action: Active Scan
This action requests an active scan on the endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Group ID | Enter the group IDs on which to run the command. Example: DDBBC3630A0A11165254D691540D46BB | List | Required | You can retrieve this using the action List Groups. |
Computer ID | Enter the computer IDs on which to run the command. Example: 78C69F790A0A111638E0D8545C218494 | List | Required | You can retrieve this using the action List Computers. |
Power | Enter true to run an aggressive scan. | Boolean | Optional | |
Example Request
[ { "power": false, "group_id": "DDBBC3630A0A11165254D691540D46BB", "computer_id": "78C69F790A0A111638E0D8545C218494" } ]
Action: Add BlackList
This action adds a blacklist as a file fingerprint list to Symantec Endpoint Protection Manager.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Name | Enter the name of the fingerprint list to which the provided hashes are added. | Text | Required | |
Data | Enter the blacklist file's data. For v1, this is a list of hash value strings. Example: ["d41d8cd98f00b204e9800998ecf8427e","93b885adfe0da089cdf634904fd59f71"]. For v2, this is a map of hash type to value. Example: [{md5: "d41d8cd98f00b204e9800998ecf8427e"}, {sha256: "4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a"}] | Any | Required | |
Hash type | Enter the type of hash to be added. This parameter is only applicable for v1 API requests. | Text | Optional | Allowed values: MD5, SHA256 |
Description | Enter the blacklist file's description. | Text | Optional | |
Version | Enter the API version. | Text | Optional | Allowed values: v1, v2. Default value: v1 |
Example Request
[ { "version": "v2", "data": [ { "MD5": "53b885adfe0da089cdf634904fd59f72", "SHA256": "4e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa02d" } ], "description": "Sample description", "fingerprint_name": "Sample name" } ]
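The Data value takes a different shape in v1 and v2, and a malformed or mistyped digest in a fingerprint list will never match a file. The following check is an added example, not part of the connector: it validates and normalizes Data before the action is submitted. The function names, the lowercase-hex and uppercase-key normalization, and the inference of the v1 hash type from digest length when Hash type is omitted are assumptions of this example.

```python
import re

# Digest lengths in hex characters for the two hash types the page allows.
HEX_LEN = {"MD5": 32, "SHA256": 64}

def _digest(kind, value):
    """Return (TYPE, lowercase hex) or raise if the pair is not a valid digest."""
    kind = str(kind).upper()
    if kind not in HEX_LEN:
        raise ValueError(f"unsupported hash type: {kind!r}")
    value = str(value).strip().lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[kind], value):
        raise ValueError(f"not a valid {kind} digest: {value!r}")
    return kind, value

def normalize_blacklist_data(version, data, hash_type=None):
    """Validate the Data value of Add BlackList for the chosen API version."""
    if not isinstance(data, list) or not data:
        raise ValueError("Data must be a non-empty list")
    if version == "v1":
        # v1: flat list of hash strings, all of one type (the Hash type field).
        if hash_type is None:
            # Assumption of this example: infer the type from the first entry.
            hash_type = "MD5" if len(str(data[0]).strip()) == 32 else "SHA256"
        # dict.fromkeys drops duplicates while keeping the original order.
        return list(dict.fromkeys(_digest(hash_type, h)[1] for h in data))
    if version == "v2":
        # v2: list of maps of hash type to value.
        out = []
        for entry in data:
            if not isinstance(entry, dict) or not entry:
                raise ValueError("each v2 entry must be a non-empty map")
            out.append(dict(_digest(k, v) for k, v in entry.items()))
        return out
    raise ValueError(f"Version must be v1 or v2, got {version!r}")

def build_add_blacklist_request(name, data, version, description=""):
    """Assemble the action input using the keys shown in the Example Request."""
    return [{"version": version,
             "data": normalize_blacklist_data(version, data),
             "description": description,
             "fingerprint_name": name}]
```

A v1 list that mixes MD5 and SHA256 values is rejected, because v1 carries a single hash type for the whole list.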
Action: Append Hash to Fingerprint File
This action adds the hashes in the provided list to the specified fingerprint file.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Fingerprint File Name | Enter the name of the fingerprint file to which the provided hashes are added. | Text | Required | |
Hash List | Enter the list of hashes to add. | Any | Required | |
Hash Type | Enter the type of hash to be added. This parameter is only applicable for v1 API requests. | Text | Optional | Allowed values: MD5, SHA256 |
Description | Enter the description of the fingerprint blacklist file. | Text | Optional | |
Version | Enter the API version of Symantec Endpoint Protection Manager. | Text | Optional | Allowed values: v1, v2. Default value: v1 |
Example Request
[ { "version": "v2", "hash_list": [ { "MD5": "53b885adfe0da089cdf634904fd59f62", "SHA256": "4e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d" } ], "description": "Sample Description", "fingerprint_name": "Sample Name" } ]
Action: Delete BlackList
This action deletes the blacklist and removes it from the associated group.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Fingerprint ID | Enter the ID of the fingerprint file to delete. Example: 48D638EB7E4A4B4591D4544DDCEE532D | Text | Required | You can retrieve this using the action Get Fingerprint Details. |
Version | Enter the API version. | Text | Optional | Allowed values: v1, v2. Default value: v1 |
Example Request
[ { "version": "v2", "fingerprint_id": "48D638EB7E4A4B4591D4544DDCEE532D" } ]
Action: Full Scan
This action requests a full scan on the endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Group ID | Enter the group IDs on which to run the command. Example: DDBBC3630A0A11165254D691540D46BB | List | Required | You can retrieve this using the action List Groups. |
Computer ID | Enter the computer IDs on which to run the command. Example: 78C69F790A0A111638E0D8545C218494 | List | Required | You can retrieve this using the action List Computers. |
Power | Enter true to run an aggressive scan. | Boolean | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: message, prompt_type, schedule_type |
Example Request
[ { "power": true, "group_id": "DDBBC3630A0A11165254D691540D46BB", "computer_id": "78C69F790A0A111638E0D8545C218494", "extra_fields": { "message": "Requesting a full scan", "prompt_type": "no_prompt", "schedule_type": "later" } } ]
Action: Get Fingerprint Details
This action retrieves the fingerprint file with the provided filename.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Fingerprint File Name | Enter the name of the fingerprint file to retrieve its details. Example: Sample File Name | Text | Required | |
Domain ID | Enter the domain ID for the file fingerprint list. Example: 882470638ba84a00a95747fe5272b68b | Text | Optional | |
Version | Enter the API version of Symantec Endpoint Protection Manager. | Text | Optional | Allowed values: v1, v2. Default value: v1 |
Example Request
[ { "version": "v1", "domain_id": "882470638BA84A00A95747FE5272B68B", "fingerprint_name": "Sample File Name" } ]
Action: Get Online Status
This action retrieves a list of the online and offline clients of this SEPM instance.
Action Input Parameters
No input parameters are required for this action.
Action: Get Symantec Endpoint Protection Manager Version
This action retrieves details about the installed version of Symantec Endpoint Protection Manager.
Action Input Parameters
No input parameters are required for this action.
Action: List Active Threats
This action retrieves the list of all the active threats configured on this instance of SEPM.
Action Input Parameters
No input parameters are required for this action.
Action: List Computers
This action retrieves a list of all the computers in the domain with SEPM installed.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Extra Params | Enter the extra parameters to filter the response. | Key Value | Optional | Allowed keys: computerName, computer_id, domain, feature, hardware_key, lastUpdate, mac, order, os, pageIndex, pageSize, sort, verbose |
Example Request
[ { "extra_params": { "mac": "*", "sort": "COMPUTER_ID", "order": "DESC", "domain": "Default", "feature": "ips", "verbose": "true", "pageSize": "30", "pageIndex": "1", "computerName": "Sample Name" } } ]
Action: List Groups
This action retrieves the list of all the groups configured for this instance of SEPM.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Extra Params | Enter the extra parameters to filter the response. | Key Value | Optional | Allowed keys: domainid, fullPathName, pageIndex, pageSize, sort, order, mode |
Example Request
[ { "extra_params": { "mode": "list", "sort": "name", "order": "DESC", "domain": "Default", "pageSize": "25", "pageIndex": "1" } } ]
Action: Quarantine Computer
This action quarantines the computer(s) with the specified group, computer, or hardware key IDs. At least one group ID, computer ID, or hardware key ID must be provided.
Note
When you need to quarantine computers, it's crucial to select the right parameters to keep your systems secure. If you want to quarantine an entire group of computers, use the Group ID parameter. However, if you only need to quarantine a particular computer or hardware, it's best to avoid using the Group ID and instead use the Computer ID or Hardware Key ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Group IDs | Enter the IDs of the groups to quarantine. A group ID identifies a computer group, which can contain multiple computers. You must specify at least one of group ID, computer ID, or hardware key ID. | List | Optional | You can retrieve this using the action List Groups. |
Computer IDs | Enter the IDs of the computers to quarantine. You must specify at least one of group ID, computer ID, or hardware key ID. | List | Optional | You can retrieve this using the action List Computers. |
Hardware Key IDs | Enter the computer hardware keys to quarantine. You must specify at least one of group ID, computer ID, or hardware key ID. | List | Optional | |
Undo | Choose true to undo the quarantine. | Boolean | Optional | |
Example Request
[ { "undo": true, "group_id": [ "DDBBC3630A0A11165254D691540D46BB" ], "hardware_key_id": [ "82AEBE7CF347A4D4B73A9944C29B9CB2", "36CC8494D36B8AEB4397E483186EBA76" ] } ]
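Because a group ID quarantines every computer in the group, a playbook can guard the input before calling this action. The following is an added example, not part of the connector: it enforces the "at least one ID" rule and requires an explicit opt-in before any group ID is sent. The function names, the `confirm_group` flag, the 32-hex-character ID check with uppercase normalization (based on the example IDs on this page) and the `computer_id` key (taken from the scan examples) are assumptions of this example.

```python
import re

# Assumption: SEPM IDs are 32 hex characters, as in every example ID on this page.
ID_RE = re.compile(r"[0-9A-Fa-f]{32}")

def _clean(ids, label):
    """Validate IDs, normalize to uppercase, and drop duplicates in order."""
    seen, out = set(), []
    for raw in ids or []:
        value = str(raw).strip().upper()
        if not ID_RE.fullmatch(value):
            raise ValueError(f"{label}: malformed ID {raw!r}")
        if value not in seen:
            seen.add(value)
            out.append(value)
    return out

def build_quarantine_request(group_ids=None, computer_ids=None,
                             hardware_key_ids=None, undo=False,
                             confirm_group=False):
    """Build the Quarantine Computer input, refusing unintended group scope."""
    groups = _clean(group_ids, "group_id")
    computers = _clean(computer_ids, "computer_id")
    hw_keys = _clean(hardware_key_ids, "hardware_key_id")
    if not (groups or computers or hw_keys):
        raise ValueError("need at least one group, computer, or hardware key ID")
    if groups and not confirm_group:
        # A group ID affects the whole group, so make the caller opt in.
        raise ValueError("group_id targets every computer in the group; "
                         "pass confirm_group=True if that is intended")
    request = {"undo": bool(undo)}
    for key, values in (("group_id", groups),
                        ("computer_id", computers),
                        ("hardware_key_id", hw_keys)):
        if values:
            request[key] = values  # omit empty lists from the request
    return [request]
```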
Action: Remove Hash From Fingerprint File
This action removes the hashes in the provided list from the specified fingerprint file.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Fingerprint File Name | Enter the name of the fingerprint file from which to remove the provided hashes. | Text | Required | |
Hash List | Enter the list of hashes to remove. | Any | Required | |
Hash Type | Enter the type of hash to be removed. This parameter is only applicable for v1 API requests. | Text | Optional | Allowed values: MD5, SHA256 |
Description | Enter the description of the fingerprint blacklist file. | Text | Optional | |
Version | Enter the API version of Symantec Endpoint Protection Manager. | Text | Optional | Allowed values: v1, v2. Default value: v1 |
Example Request
[ { "version": "v2", "hash_list": [ { "MD5": "53b885adfe0da089cdf634904fd59f62", "SHA256": "4e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d" } ], "description": "Sample description", "fingerprint_name": "Sample Name" } ]
Action: Update Endpoint Group
This action moves the computer with the specified name to the group with the provided ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Computer Name | Enter the name of the computer to be moved. | Text | Required | |
Group ID | Enter the ID of the group to move the computer to. | Text | Required | You can retrieve this using the action List Groups. |
Example Request
[ { "group_id": "DDBBC3630A0A11165254D691540D46BB", "computer_name": "Sample Name" } ]
Action: Generic Action
This is a generic action used to make requests to any Symantec Endpoint Protection Manager endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | |
Endpoint | Enter the endpoint to make the request. Example: v1/command-queue/fullscan | Text | Required | |
Query Params | Enter the query parameters to pass to the API. | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the additional parameters to pass. Example: {'custom_output':'this is a custom output'} | Key Value | Optional | Allowed keys: payload_data, download, files, filename, retry_wait, retry_count, custom_output, response_type |
Example Request
[ { "method": "GET", "endpoint": "v1/groups", "extra_fields": {}, "query_params": {} } ]