Source types for the Splunk Add-on for Symantec Endpoint Protection
The Splunk Add-on for Symantec Endpoint Protection collects data from:
- Local SEPM dump files (the `.tmp` files that Symantec Endpoint Protection Manager writes when external logging is enabled)
- Splunk Connect for Syslog
The Splunk Add-on for Symantec Endpoint Protection applies the following source types to your monitor inputs. The `:file` source types correspond to the individual SEPM dump files; the `:syslog` source types correspond to the same logs when they arrive through Splunk Connect for Syslog.
| Source type | Description | CIM data models |
|---|---|---|
| symantec:ep:behavior:file | Application and device control log data from agt_behavior.tmp. | Intrusion Detection |
| symantec:ep:agent:file | Server client log data from scm_agent_act.tmp. | Change |
| symantec:ep:scm_system:file | Server system data from scm_system.tmp. | Change, Authentication, Alerts |
| symantec:ep:proactive:file | Client proactive threat log data from agt_proactive.tmp. | Malware |
| symantec:ep:risk:file | Client risk log data from agt_risk.tmp. | Malware |
| symantec:ep:scan:file | Client scan log data from agt_scan.tmp. | Alerts |
| symantec:ep:security:file | Client security log data from agt_security.tmp. | Intrusion Detection, Alerts |
| symantec:ep:agt_system:file | Client system log data from agt_system.tmp. | Change, Alerts, Intrusion Detection |
| symantec:ep:policy:file | Server policy log data from scm_policy.tmp. | Change |
| symantec:ep:admin:file | Server administration log data from scm_admin.tmp. | Authentication, Change |
| symantec:ep:traffic:file | Client traffic log data from agt_traffic.tmp. | Network Traffic |
| symantec:ep:packet:file | Client packet log data from agt_packet.tmp. | Network Traffic |
| symantec:ep:admin:syslog | Server administration log data from scm_admin syslog. | Authentication, Change |
| symantec:ep:agent:syslog | Server client log data from scm_agent_act syslog. | Change, Alerts |
| symantec:ep:agt:system:syslog | Client system log data from agt_system syslog. | Change, Alerts, Inventory, Network Traffic |
| symantec:ep:behavior:syslog | Application and device control log data from agt_behavior syslog. | Intrusion Detection |
| symantec:ep:packet:syslog | Client packet log data from agt_packet syslog. | Network Traffic |
| symantec:ep:policy:syslog | Server policy log data from scm_policy syslog. | Change |
| symantec:ep:proactive:syslog | Client proactive threat log data from agt_proactive syslog. | Malware |
| symantec:ep:risk:syslog | Client risk log data from agt_risk syslog. | Malware |
| symantec:ep:scan:syslog | Client scan log data from agt_scan syslog. | Alerts |
| symantec:ep:scm:system:syslog | Server system data from scm_system syslog. | Change, Authentication, Alerts |
| symantec:ep:security:syslog | Client security log data from agt_security syslog. | Intrusion Detection, Alerts |
| symantec:ep:traffic:syslog | Client traffic log data from agt_traffic syslog. | Network Traffic |