Symantec Endpoint Protection log analysis
Organizations today face highly sophisticated security attacks on their networks. Endpoints are now major targets, as it's easy to bring an entire network down by infecting just one endpoint device.
With ransomware and zero-day attacks trending upward, many organizations have turned to endpoint security solutions to maintain the confidentiality, integrity, and availability of their endpoint assets.
Security auditing for Symantec Endpoint Protection using EventLog Analyzer
Symantec Endpoint Protection helps stop zero-day exploits and malware, including an assortment of viruses, worms, Trojans, spyware, bots, adware, and rootkits. Collecting and processing logs from Symantec Endpoint Protection helps organizations gain better insights and improve their security posture.
Additionally, EventLog Analyzer collects and analyzes log data from the Symantec DLP application to ensure the integrity of confidential business information. The parsed logs from Symantec Endpoint Protection and Symantec DLP can provide comprehensive reports on the following aspects.
- Logon activity: View the list of all successful logons to the device, including the hosts and users with the most logons, as well as the overall trend in logon patterns.
- Failed logons: See all failed logon attempts to the device, the hosts and users with the most failed logons, and the trend in failed logon patterns.
- User account management: Discover all admin accounts that have been added, deleted, or modified.
- Policy changes: View the list of changes made to a Symantec Endpoint Protection device.
- Risks: Examine an overview of the risks that have been identified by Symantec Endpoint Protection.
- Viruses: See which devices are infected with viruses and other security risks, including spyware, adware, and other files that can put a computer or network at risk.
- Port scans: View the list of all port scan detections, which are raised when packets to a range of ports are blocked within a short amount of time.
- Commercial applications: See the list of all the devices on which commercial applications have been installed and are running.
- Threats: Examine the list of all unknown threats, such as Trojan horses, worms, or keyloggers found during threat scanning.
- HIPS activity: View the list of attacks detected by the intrusion prevention system of Symantec Endpoint Protection.
- Data Loss Prevention: Get actionable insights on top senders, recipients, protocol used, target data, and data owners.
Antivirus software supported by EventLog Analyzer
- Microsoft Antimalware
- Norton Antivirus
- Sophos Antivirus